
Hackmosphere
The best defence is attack.
Our cybersecurity services
Intrusion tests
A penetration test, or pentest, allows you to evaluate the security of your IT environment by simulating an attack from a malicious user.
We offer services for the 3 links of the cybersecurity chain (see below for more details):
Training
Computer security is not just about technology. It is therefore important to train your staff regarding cybersecurity.
Our staff awareness training:
Our pentest offer for the 3 links of the cybersecurity chain
Cyber
« Cyber » services:
- In a « perimeter » way, with penetration tests on restricted environments such as web applications or infrastructures
- In an « objective » way, allowing to carry out a complete attack simulation: The test starts without prior information, with an objective to reach such as “Enterprise Administrator”
Physical
The « physical » services concern access to sensitive data via the organization’s premises.
First, we obtain as much information as possible about the place under test (location of cameras, emergency exits, employee rotation…).
We then try, for example, to obtain a file in the office of an executive member of the company, or to connect to the internal network in a physical way.
Humain
« Human » services :
- The phishing test will educate employees on cyber security regarding malicious emails. A report without personal information will be provided and will allow employees to be more alert to these risks
- The escape game created by our team mixes team-building and cybersecurity. After solving the challenges, a quiz will determine the average level of cybersecurity awareness of the participants. The result will be shared in the form of a report
The different steps of a pentest
Initial contact
Determines the real need (pentest, red teaming, training, phishing…), followed by the sending of a commercial proposal and the General Terms of Services (GTS).
Signature of the contract
Once the proposal and the GTSs are signed, a commitment letter is written. This letter contains important information about the test (type of test, dates, contacts, prices…) and must be signed before the tests start.
Test execution
Testing is initiated, on the dates specified in the contract. Daily contact is maintained with the customer, and he is directly informed in case a critical vulnerability is identified.
Report
We deliver in the form of a report, in the week following the tests. The presentation of the results can be done during a video conference.
Our training courses
Escape Game
During this team-building game of about 40 minutes, 2 to 4 people will put themselves in the shoes of a hacker and will try to recover secret information about their target: Alexandre Dubois.
Target audience : any employee
Training in ethical hacking of Web applications
During this two-day training, a simulated attack on a vulnerable Web application will be simulated by the trainees.
Target audience : Web developers
Training in ethical infrastructure hacking
During this five-day training, a simulated attack on a vulnerable (fictitious) corporate network will be simulated by the trainees.
Target audience : Network engineers
About the company
Hackmosphere accompanies you in your approach to improve the IT security of your organization.
The company provides ethical hacking services for the three links of the cybersecurity chain: cyber, physical and human. These services can take the form of penetration tests to web applications, mobile applications, infrastructure security tests… Or in the form of Red teaming where we will not target a specific system but rather a specific objective (domain administrator, take control of HR application…).
Apart from these offensive tests, we also offer services such as phishing campaigns or cyber security training.
Our team
Florian Ecard specialized in offensive security after obtaining his Master’s degree in 2015 from a prestigious university. He is an expert in testing Active Directory, ICS and application environments as well as performing phishing campaigns. He founded Hackmosphere in 2018.
Piotr Wiecek is an experienced IT security consultant, specializing in Active Directory, Cloud & Kubernetes pentesting. He rvegularly teams up with Florian to perform penetration tests.
The team also relies on the punctual intervention of other cybersecurity consultants.