Offensive Security

We test your IT environment as ethical hackers. We think like an attacker, but we also know your systems as the people who build them. This way, we find vulnerabilities before criminals do.

ISO 27001
ISO 9001
Cyberveilig Nederland
CTPAS Certified
Call us: +31 20 716 5487

Pepijn van der Stap

Offensive Security Lead

Over 15 years experience • Speaks “Unix” • Reformed hacker, now on the good side

Read Pepijn's story →

“I didn't always choose the right path. Because of that, I've seen security from both the attacker's and the defender's side. I learned from those mistakes. Knowledge should be used to build and protect, not just to break things. I understand how an attacker thinks and what a defender needs. That's why I work at Neo Security now.”

“It started with curiosity for me. As a child, I read books like Artemis Fowl and discovered that the world is full of complex systems you can understand. Later I became a fan of Unix (a technical operating system) and programming languages like Go and C. I read RFCs and compliance documents with the same focus. For me, they are not boring rules, but blueprints for creating order and safety.”

“My past has convinced me that you must deeply understand the offense to build the strongest defense.”

Our offensive security services

Penetration Testing

In-depth security tests by engineers who have built these systems themselves. We hack your environment in a controlled manner to find vulnerabilities.

  • Network & infrastructure
  • Web applications
  • API’s & microservices
  • Cloud environments
Meer informatie

Red Team Operations

Realistic attack simulations that go beyond a standard pentest. We test not only technology but also processes and people.

  • APT simulations
  • Physical + digital
  • Long-term campaigns
  • Focus on remaining undetected
Meer informatie

Social Engineering

We test the human factor with controlled phishing, vishing, and physical intrusion.

  • Phishing campaigns
  • Vishing attacks
  • Physical intrusion
  • Insider threat simulations
Meer informatie

Cloud Security Testing

Security tests of your cloud environments, even if you use multiple clouds simultaneously (multi-cloud) like AWS, Azure, and GCP.

  • IAM assessments
  • Container security
  • Serverless testing
  • Multi-cloud strategy
Meer informatie

Mobile App Testing

End-to-end security tests of iOS and Android apps, from the app on the device to the server.

  • iOS & Android apps
  • API backend
  • Certificate pinning
  • Runtime analysis
Meer informatie

OT/SCADA security assessment

Specialized testing for OT/SCADA: industrial control systems such as factory and process control.

  • Protocol analysis
  • Network segmentation
  • Non-disruptive testing
  • ICS security
Meer informatie

Our methodology: step-by-step testing

Fase 1

Reconnaissance

We start by understanding your organization and processes, not with random scans.

  • •OSINT collection
  • •Mapping attack surface
  • •Analysis of business context
Fase 2

Discovery & Enumeration

Targeted exploration of the systems and data that really matter.

  • •Service enumeration
  • •Identifying vulnerabilities
  • •Targeted, custom scans
Fase 3

Exploitation

We show what is really possible by exploiting vulnerabilities.

  • •Exploit development
  • •Combining vulnerabilities
  • •Privilege escalation
Fase 4

Post-Exploitation

We show what an attacker can do after initial access and what that means.

  • •Data exfiltration
  • •Establishing persistent access
  • •Impact analysis for business

Context is everything

In a market full of vague promises, we test your systems with the eyes of engineers who have stood in server rooms themselves. We know there is a difference between security on paper and the unruly reality of a busy IT environment.

Engineering Background

Our pentesters are real techies. They have built the systems they now test for years. As a result, they recognize problems faster and give practical advice.

Business Impact

We look not only at what can go wrong technically. We also show what that means for your daily operation, your customers, and your revenue.

Free Re-test

Have you implemented our recommendations? Then we almost always do a free re-test to verify if the vulnerabilities are really gone.

Trusted by our clients and partners

Trusted by leading organizations

From enterprise to start-up, we protect what matters

Adjust Consulting

VGZ

Healthcare Insurance

De Vries en Metman

Legal Services

Tweede Kamer

Government

Boskalis

Maritime & Dredging

BNDL (Dathuis)
Korper ICT
Adjust Consulting

VGZ

Healthcare Insurance

De Vries en Metman

Legal Services

Tweede Kamer

Government

Boskalis

Maritime & Dredging

BNDL (Dathuis)
Korper ICT
Adjust Consulting

VGZ

Healthcare Insurance

De Vries en Metman

Legal Services

Tweede Kamer

Government

Boskalis

Maritime & Dredging

BNDL (Dathuis)
Korper ICT

Proven results

Read the practical stories of organizations where we have demonstrably improved their security level.

Read more on Neo Security Labs

Ready for a real security test?

You speak directly with a senior engineer. No sales pitches, but substance.

Technical consultation

Schedule 30 minutes with a senior security engineer to go through your situation and questions.

Contact Us

Scope & quote

You will receive a clear quote within 48 hours based on your wishes and environment.

Call: 020-716 5487

Incident response (24/7)

Do you think you have been hacked? Our 24/7 emergency response team is ready to look with you immediately.

Call us. We are reachable 24/7.
500+
Times looked at strangely because our laptops look like we're in a CSI-episode.
15+
Years of experience in offensive and defensive security
24/7
Support available for incidents and questions
100%
Dutch team of engineers and consultants

Questions? Direct contact:

info@neosecurity.nl|+31 20 716 5487|Contactformulier
Offensive Security (offensieve security testen) | Penetratietesten & Red Team Nederland | Neo Security