Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany and 2000+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 40+ highly qualified cyber security experts, including certified ethical hackers / penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (GCFA, GCFE, GREM, GNFA), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager, ISO 27035 Incident Manager) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s Digital Forensics & Incident Response (DFIR) team supports you with around-the-clock expert assistance (24 h x 365 days).
Events
14-Jun-21
01 July 2021: Developer Week '21 – Expert Talk About OWASP Top 10
At this year’s Developer Week, which will take place from 28 June to 2 July 2021 as a remote conference, Frank Ully, CTO Oneconsult Deutschland GmbH and Senior Penetration Tester & Security Consultant, will talk about the OWASP Top Ten: possible attacks on web applications and their causes, which measures you can use to protect your applications against such attacks and why it is essential to consider them already during developement – and not only at a later stage.
[more]
27-May-21
30 June 2021: Digicomp Hacking Day 2021
At this year’s Hacking Day, which is themed “Attack Targets 2021 – Do You Know Where Your Risk Lies?”, you can learn more about current cyber threats from experienced cyber security experts in a variety of presentations and live hacking workshops, and learn about strategies to protect yourself against potential attacks. Among the speakers will be Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, with a live hacking workshop called “Hackademy Advanced: Cyber Attacks & Defense”.
The Hacking Day 2021 will be held as an online event on Wednesday, 30 June 2021.
The agenda with further details and registration are available on the Digicomp website.
News & Advisories
29-Jul-21
One Step Ahead of the Cybercriminals – Article for SMEs in "Applica" Magazine
Small and medium-sized enterprises (SMEs) are a popular target for cybercriminals. In the current isssue 07/2021 of Applica (available in German only), a magazine issued by the Swiss Painting and Plastering Contractor Association (SMGV), Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, provides an insight into the background and frequent attack methods and details protective measures for SMEs – as the impact of a successful cyber attack can be devastating.
[more]
22-Jul-21
New iX With Two Cover Topics From Oneconsult DFIR Team
The current issue 08/2021 of iX magazine features two cover topics from Oneconsult’s DFIR team (Digital Forensics & Incident Response): In part 10 of the Active Directory article series, Fabian Murer, Senior Digital Forensics & Incident Response Specialist, explains how logs efficiently complement hardening measures, which have already been implemented, to detect potential attacks in a timely manner. Moreover, Gregor Wegberg, Head of Digital Forensics & Incident Response, continues his IT forensics tutorial series and demonstrates how “Kroll Artifact Parser and Extractor” (KAPE), which has been introduced in the first article of the tutorial, can be used to analyse Autoruns artefacts in order to determine whether an attacker or malware has gained persistence on a system after a successful attack.
[more]
Pen Tester's Diary
15-Jul-21
OWASP IoTGoat – Deliberately Insecure IoT Firmware
by Jakob Kunzmann
IoTGoat is intentionally vulnerable software, like that found on routers for example. Included are the most common vulnerabilities of IoT devices. The project serves to raise awareness of these vulnerabilities in order to make future generations of IoT devices and networks more secure. This article introduces both the project in general and some of the vulnerabilities.
[read the German article]
05-May-21
How to Store Passwords Securely
by Sandro Affentranger
Data leaks – incidents in which unauthorized persons have gained access to data collections – occur from time to time. To prevent user passwords from being compromised in such a case, it is important that they are not simply stored in plain text. Instead, they should always be stored “hashed”. This article looks at which hash functions are suitable for this purpose.
[read the German article]
Our customers value our expertise and vast project experience of over
Penetration test projects, over 1100 of which OSSTMM-compliant
Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.
Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls
Methods and Standards
Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.
Holding
Oneconsult International AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland
+41 43 377 22 22
info@oneconsult.com
Switzerland
Headquarters
Oneconsult AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland
+41 43 377 22 22
info@oneconsult.com
Oneconsult AG
Aarbergergasse 56
3011 Bern
Switzerland
+41 31 327 15 15
info@oneconsult.com
Germany
Oneconsult Deutschland GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Germany
+49 89 248820 600
info@oneconsult.com
