{"id":3586,"date":"2026-04-13T16:32:32","date_gmt":"2026-04-13T16:32:32","guid":{"rendered":"https:\/\/www.carmasec.com\/services\/offensive-security\/"},"modified":"2026-06-10T13:03:59","modified_gmt":"2026-06-10T13:03:59","slug":"offensive-security","status":"publish","type":"page","link":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","title":{"rendered":"Offensive Security"},"content":{"rendered":"\n<section id=\"m-hero__container-block_9506b38bb8ada65c7cd5d1e8731cf57e\" class=\"m-hero__container  u-color-white u-relative\"><figure class=\"u-absolute u-pos--top u-pos--left u-full--width u-full--height\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1920x700.jpg\" width=\"1920\" height=\"700\" srcset=\"\" sizes=\"(max-width: 1920px) 100vw, 1920px\" alt=\"Blauer Hintergrund\" class=\"u-image--cover\"  \/>\n        <\/figure><div class=\"o-container u-relative u-index--1 u-pt-x20 u-pb-x12 u-pt-x40@md u-pb-x20@md\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-8\/12@md u-mt-x6 u-mt-x0@sm\" data-aos=\"fade\">\n                <h1 class=\"u-color-primary\">Offensive Security<\/h1>\n<h1>Find vulnerabilities. Close risks. Prove security.  <\/h1>\n<p>Rely on security that can be proven. carmasec tests your systems using the same methods real attackers use. Structured. Documented. With priorities your team can implement immediately.    <\/p>\n<p><a class=\"c-btn c-btn__primary u-mt-x3\" href=\"#leistungen\">Our services<\/a> <a class=\"c-btn c-btn--white u-mt-x3\" href=\"#form\">Ready for a pentest?<\/a><\/p>\n\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"services\" data-anchor-title=\"Services\" class=\"m-text__container u-pt-x12 u-pb-x4 u-pt-x20@md u-pb-x28@md u-bgcolor-gray-blue\"><div class=\"o-container u-relative\">\n        <div class=\"o-grid o-grid--center\">\n                <article class=\"o-grid__col u-8\/12@md\" data-aos=\"none\">\n                    <p class=\"u-color-primary h4\" style=\"text-align: center;\">testing. done. right.<\/p>\n<h2 style=\"text-align: center;\">Attacks are increasing and damage is growing rapidly<\/h2>\n<p style=\"text-align: center;\">Successful attacks are rarely accidental. They follow patterns, exploit known gaps, and fail against defenses that have actually been tested. AI is accelerating the attacker side: vulnerability discovery, exploit development, and social engineering are becoming faster, more targeted, and harder to detect. Offensive Security provides that proof. The results show where defensive measures work and where they do not\u2014and create the evidence base required by, among others, NIS-2, DORA, and ISO 27001.    <\/p>\n\n                <\/article>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"services\" data-anchor-title=\"Services\" class=\"m-tiles__container u-pt-x0 u-pb-x20 u-pt-x0@md u-pb-x16@md u-mt--x20@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-security-offense.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Vernetztes-Schutzschild-mit-Haken-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Penetration Testing<\/h4>\n<p>No more guesswork. Your organization knows where it is vulnerable. Every finding is prioritized by risk, the attack path is documented, and concrete countermeasures are provided. Your team knows what to do first.   <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Web application<\/li>\n<li>API<\/li>\n<li>Network<\/li>\n<li>Active Directory<\/li>\n<li>Endpoint<\/li>\n<li>Mobile<\/li>\n<li>Cloud platform<\/li>\n<li>AI pentesting<\/li>\n<\/ul>\n<p><a class=\"c-link__arrow\" href=\"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/penetration-testing\/\">Learn more<\/a><\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-lupe-code.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Code-Analyse-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Red Teaming &#038; TLPT<\/h4>\n<p>Does your detection work when it matters? Over several weeks, we simulate the full attack path through to business-critical processes\u2014based on threat intelligence and real attacker profiles. The result is a robust assessment of your operational resilience. TLPT-compliant under DORA and TIBER-EU.   <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Threat intelligence-led attack simulation<\/li>\n<li>Adversary emulation<\/li>\n<li>TLPT<\/li>\n<li>Detection &#038; response test<\/li>\n<li>Resilience assessment<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-hacker.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Hacker-am-Laptop-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Attack simulations<\/h4>\n<p>Blind spots are what will hit you in an incident. We simulate ransomware behavior, command-and-control communication, and data exfiltration under controlled conditions. You see in black and white what your SOC detects and where it fails. We build on that and sharpen your defense structures in a targeted way.   <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Ransomware simulation<\/li>\n<li>Command &#038; Control<\/li>\n<li>Data exfiltration<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-person-schild.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Nutzer-mit-Schutzschild-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Social Engineering &#038; Awareness<\/h4>\n<p>People are not a security problem. They are a security factor\u2014if they know what attacks look like. Phishing campaigns and live hacking sessions make threats tangible and show where awareness measures actually work.  <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Phishing campaigns<\/li>\n<li>Spear phishing<\/li>\n<li>Awareness training<\/li>\n<li>Live hacking<\/li>\n<\/ul>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height u-color-white u-bgcolor-secondary u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/icon-sprechblasen.svg\" width=\"90\" height=\"89\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Sprechblasen-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h3>Not sure which service fits yet?<\/h3>\n<p class=\"h5\">In an initial conversation, we will clarify together which approach makes sense for your situation.<\/p>\n<a href=\"#form\" class=\"c-btn c-btn__primary u-mt-x3\" target=\"_self\">Contact us now<\/a><\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-headline__container-block_b1192a5dd3f81ba5081bc17610e289c3\" class=\"m-headline__container u-pt-x8 u-pb-x12 u-pt-x20@md u-pb-x20@md u-bgcolor-gray-blue\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-10\/12@md\" data-aos=\"none\"><h3>Why act now?<\/h3><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-tiles__container-block_bc3c1dff2076bdfcf90e33ff71a20488\" class=\"m-tiles__container u-pt-x4 u-pb-x8 u-pt-x12@md u-pb-x20@md u-bgcolor-gray-blue u-mt--x20@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>Increasing Threat Landscape<\/h6>\n<p>Cloud, AI systems, IoT, and hybrid work models continuously expand the attack surface. Attackers use automated tools and orchestrated campaigns. <\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>AI as an Attacker Tool<\/h6>\n<p>AI accelerates the attacker side. Phishing becomes more precise, exploits are developed faster, attack chains become harder to detect. <\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>Regulatory Pressure<\/h6>\n<p>NIS-2, DORA, CRA, and EU AI Act make technical security assessments a mandatory requirement.<\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>Resilience instead of pure defense<\/h6>\n<p>Ransomware attacks, IT outages, and supply chain disruptions can paralyze business processes within minutes. What matters is whether the organization remains capable of action. <\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-quote__container-block_1b8b2c4e42838e1a981a973b52867047\" class=\"m-quote__container u-pt-x8 u-pb-x12 u-pt-x20@md u-pb-x20@md\">\n    <div class=\"o-container u-relative u-ph-x0\"><div class=\"m-slider__quote m-slider__quote--image\">\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-5\/12@sm u-3\/12@md u-text-center u-text-left@sm u-mb-x6 u-mb-x0@sm\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419.jpg\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419.jpg 1024w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419-300x300.jpg 300w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419-150x150.jpg 150w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419-768x768.jpg 768w\" sizes=\"(max-width: 640px) 100vw, 640px\" alt=\"L\u00e4chelndes Portr\u00e4tfoto von Pascal Waffenschmidt, Senior Security Consultant bei der carmasec.\" class=\"u-image--circle u-ph-x12 u-ph-x0@sm\"  \/>\n                        <\/div>\n                        <article class=\"o-grid__col u-5\/12@sm u-push-1\/12@md u-text-center u-text-left@sm\"><blockquote class=\"h4 u-weight-regular\">27 seconds is the record. 65% faster than a year ago. Attacks scale with AI\u2014visibility into your own attack surface does not. That&#8217;s exactly where the risk emerges. What happens during this time at your organization?    <\/blockquote><p class=\"o-type-small\"><strong>Pascal Waffenschmidt<\/strong>, Senior Security Consultant<\/p><\/article>\n                    <\/div>\n                <\/div><\/div>\n    <\/div>\n<\/section>\n\n\n<section\n    id=\"m-media-text__container-block_ef4dc92cdda80f2a90afd635ac2a0aa6\"    class=\"u-relative m-media-text__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x20@md u-color-white u-bgcolor-gray-blue\"\n>\n    <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1024x570.jpg\" width=\"1024\" height=\"570\" srcset=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1024x570.jpg 1024w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-300x167.jpg 300w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-768x427.jpg 768w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1536x854.jpg 1536w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero.jpg 1920w\" sizes=\"(max-width: 1380px) 100vw, 1380px\" alt=\"Blauer Hintergrund\" class=\"u-absolute u-pos--top u-pos--left u-full--width u-full--height\"  \/>\n    <div class=\"o-container u-relative\">\n        \n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                <figure class=\"m-media-text__image o-grid__col u-6\/12@sm u-5\/12@md u-text-center u-mb-x6 u-mb-x0@sm\" data-aos=\"fade\">\n                    <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID.jpg\" width=\"1000\" height=\"750\" srcset=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID.jpg 1000w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID-300x225.jpg 300w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID-768x576.jpg 768w\" sizes=\"(max-width: 640px) 100vw, 640px\" alt=\"Vorschau des carmasec-Playbooks \"Threat-Informed Defense: Weniger Risiko, mehr Resilienz\" f\u00fcr CISOs und IT-Abteilungen\" class=\" u-image--rounded-large\"  \/>                <\/figure>\n\n                <article class=\"m-media-text__content o-grid__col u-6\/12@sm u-6\/12@md u-push-1\/12@md\" data-aos=\"fade\">\n                    <h2>Less risk, more resilience.<\/h2>\n<h4>How compliance and real defense work together.<\/h4>\n<p>This playbook shows CISOs and IT security teams how protective measures take effect where attackers actually strike.<\/p>\n<p><a class=\"c-btn c-btn--white u-mt-x3\" href=\"https:\/\/www.carmasec.com\/de\/knowledge-center\/threat-informed-defense-echte-angriffstechniken\/\">Download Whitepaper<\/a><\/p>\n                <\/article>\n            <\/div>\n\n        \n            <\/div>\n<\/section>\n\n\n<section id=\"m-headline__container-block_4a9a1b5ba061be958659e8f1a4a04475\" class=\"m-headline__container u-pt-x8 u-pb-x0 u-pt-x20@md u-pb-x0@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-10\/12@md\" data-aos=\"none\"><h2>Whether start-up, mid-sized company, or corporation: We find the right solution<\/h2><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-slider__container-block_87fb75051ed01bb931acb3ad09e2abfb\" class=\"m-slider__container u-pt-x0 u-pb-x8 u-pt-x4@md u-pb-x16@md\"><div class=\"m-slider\" data-number=\"7\" data-rows=\"1\" data-autoslide=\"1\" data-indent=\"1\" data-arrows=\"true\"><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-barmenia.svg\" width=\"81\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Barmenia\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-bruker.png\" width=\"113\" height=\"60\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Bruker\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-deutsche-bahn.svg\" width=\"74\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Deutsche Bahn\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-fashionette.svg\" width=\"156\" height=\"25\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Fashionette\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-raisinbank.svg\" width=\"155\" height=\"36\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Raisin Bank\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-vorwerk.svg\" width=\"135\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Vorwerk\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-barmenia-1.svg\" width=\"81\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Barmenia\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-bruker-1.png\" width=\"113\" height=\"60\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Bruker\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-deutsche-bahn-1.svg\" width=\"74\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Deutsche Bahn\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-fashionette-1.svg\" width=\"156\" height=\"25\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Fashionette AG\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-raisinbank-1.svg\" width=\"155\" height=\"36\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Raisin Bank AG\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-vorwerk-1.svg\" width=\"135\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Vorwerk\" class=\"\"  \/><\/figure>\n\t    <\/div><div class=\"carousel__arrows\"><\/div>\n<\/section>\n\n\n<section id=\"m-headline__container-block_6f5828c10c23567c6e05e3a7b7f53f19\" class=\"m-headline__container u-pt-x8 u-pb-x0 u-pt-x20@md u-pb-x0@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-12\/12@md\" data-aos=\"none\"><h4>Trust is built through results<\/h4><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-quote__container-block_68a63376696b6861ceb9a7eee2da5098\" class=\"m-quote__container u-pt-x8 u-pb-x16 u-pt-x20@md u-pb-x40@md\">\n    <div class=\"o-container u-relative u-ph-x0\"><div class=\"m-slider__quote m-slider__quote--fact\">\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">100%<\/p>\n<p style=\"text-align: center;\">of the agreed project objectives achieved<\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">&#8220;Professional, flexible, approachable and, above all, successful. carmasec delivered what was promised.&#8221; <\/blockquote><div class=\"o-media o-media--middle\"><figure class=\"o-media__fixed\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-bruker.png\" width=\"113\" height=\"60\" srcset=\"\" sizes=\"(max-width: 60px) 100vw, 60px\" alt=\"Logo von Bruker\" class=\"u-image--circle u-image--small\"  \/><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>Bruker Optics<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div>\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">40%<\/p>\n<p style=\"text-align: center;\"><strong>greater transparency regarding the security status through defined KPIs<\/strong><\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">&#8220;With the support of carmasec, we defined KPIs and created a higher level of transparency and acceptance.&#8221;<\/blockquote><div class=\"o-media o-media--middle\"><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>DKV Mobility Services<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div>\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">100%<\/p>\n<p style=\"text-align: center;\"><strong>of the project results documented and handed over with evidence<\/strong><\/p>\n<p>&nbsp;<\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">&#8220;With carmasec, we found a trustworthy partner who supported us with the implementation and delivered a comprehensive results report. We recommend carmasec without reservation.&#8221; <\/blockquote><div class=\"o-media o-media--middle\"><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>ELIGO<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div>\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">100%<\/p>\n<p style=\"text-align: center;\"><strong>of the identified vulnerabilities documented with specific recommendations for action<\/strong><\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">&#8220;carmasec made a significant contribution to the security of our services. Professional consulting, clean execution. We recommend carmasec without reservation for infrastructure penetration tests.&#8221;  <\/blockquote><div class=\"o-media o-media--middle\"><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>tyntec GmbH<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div><\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-facts__container-block_93b7de2b9aa4d7788d76424e7abe37a5\" class=\"m-facts__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x16@md u-bgcolor-gray-blue\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center\">\n            <div class=\"o-grid__col u-6\/12@sm u-4\/12@md u-3\/12@lg m-facts__left--horizontal u-mb-x6 u-mb-x0@md\" data-aos=\"none\"><h2>Why carmasec?<\/h2>\n<p>Many providers test. The difference lies in what happens afterward. <\/p>\n<\/div>\n            <div class=\"o-grid__col u-6\/12@sm u-6\/12@md u-4\/12@lg u-push-1\/12@md m-facts__right--horizontal\">\n                    <div class=\"m-fact__item u-mb-x6\" data-aos=\"none\">\n                        <p class=\"m-fact__headline h3 u-mb-x2\">Threat Informed Defense as a methodology<\/p>\n                        <p class=\"m-fact__text o-type-small\">Our attack simulations are based on documented techniques of real attackers according to MITRE ATT&#038;CK. No generic scope.  <br \/>\r\n<\/p>\n                    <\/div>\n                    <div class=\"m-fact__item u-mb-x6\" data-aos=\"none\">\n                        <p class=\"m-fact__headline h3 u-mb-x2\">Vendor-independent<\/p>\n                        <p class=\"m-fact__text o-type-small\">We do not recommend tools because we are their partners. We recommend what is professionally appropriate. This applies to methods, scope, and reporting.  <\/p>\n                    <\/div>\n                    <div class=\"m-fact__item u-mb-x6\" data-aos=\"none\">\n                        <p class=\"m-fact__headline h3 u-mb-x2\">Personal<\/p>\n                        <p class=\"m-fact__text o-type-small\">No ticket system, no offshore delivery. Direct communication with the experts who test. <\/p>\n                    <\/div><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-headline__container-block_4869f3b7ce34570ca0beb7e1d9a01c74\" class=\"m-headline__container u-pt-x8 u-pb-x0 u-pt-x20@md u-pb-x0@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n            <div class=\"o-grid__col u-12\/12@md\" data-aos=\"none\"><h2>Frequently asked questions about Offensive Security<\/h2><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"m-accordion__container-block_1d114e72b7e1cfdc6ebf90c8cca47b52\" class=\"m-accordion__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x20@md \">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n            <div class=\"o-grid__col u-12\/12@md\">\n                <div class=\"m-accordion\" itemscope itemtype=\"https:\/\/schema.org\/FAQPage\">\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     How does a manual pentest differ from a vulnerability scan?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>A vulnerability scan runs automated checks based on known patterns. A manual pentest combines this baseline with creative approaches, tailored attack chains, and context about your specific environment. This produces realistic scenarios that automated tools alone cannot replicate.  <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     How often should we run penetration tests?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>At least annually. In addition, after significant changes such as new applications, major releases, cloud migrations, or new AI solutions. For particularly critical systems, a shorter cycle may be appropriate.  <\/p>\n<p>&nbsp;<\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Do we only receive a report, or do you also support implementation?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Both are possible. By default, you receive clear, risk-based reporting. If desired, we support implementation, the remediation roadmap, and technical hardening. Including a retest.   <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     What is the difference between a penetration test and red teaming, and when do we need which?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>A penetration test assesses defined systems within a limited time frame. The goal is a comprehensive vulnerability analysis with documented findings. Red teaming simulates a real attack over weeks without a defined scope, based on actual attacker profiles. The goal is not full coverage, but proof of whether an attacker can reach a business-critical objective. If you want to know where vulnerabilities are, you need a pentest. If you want to know whether your detection and response work in an incident, you need red teaming.     <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     We are not a financial institution. Is TLPT still relevant for us? \n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>TLPT is a regulatory requirement for certain financial institutions under DORA. For everyone else, the principle is still relevant: threat-led penetration testing aligns attack simulations with real threat profiles, not generic checklists. Organizations that operate critical infrastructure or work in regulated industries benefit from the same approach without a formal TLPT obligation.  <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Our development teams work agile. How can Offensive Security be integrated into ongoing release cycles? \n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Offensive Security does not have to be treated as a one-off project. Penetration tests can be limited to individual releases or new features. Attack simulations can run in parallel with operations. During scoping, we define together which approach fits your development cycles without interrupting operations.   <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     What exactly does an attack simulation test that a classic pentest does not cover?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>A penetration test finds vulnerabilities. An attack simulation tests whether your detection and response mechanisms identify those vulnerabilities and respond correctly. Ransomware behavior, command-and-control traffic, and data exfiltration are replicated under controlled conditions. The key question is not only: Is there a gap? But: Would your SOC notice an attack through it?    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Do our employees need to know that a phishing campaign is running?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>That depends on the objective. Unannounced campaigns deliver more realistic results on the organization\u2019s actual maturity level. Announced campaigns have a stronger awareness effect. Both are possible and legally permissible if the framework conditions are clearly defined. We clarify this during scoping together with your HR and legal departments.    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     How do you protect confidential systems and data during an engagement?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Every engagement starts with a defined scoping document: target systems, exclusions, time windows, points of contact, and emergency processes. We work exclusively within the agreed framework. Findings are transmitted in encrypted form and are not communicated via insecure channels. Confidentiality is governed contractually.   <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Do penetration tests and red teaming meet the requirements of NIS-2 and DORA?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Yes. DORA requires regular resilience testing for certain financial institutions, including TLPT under TIBER-EU. NIS-2 expects technical security testing as part of risk management. ISO 27001 requires evidence that implemented controls have been tested for effectiveness. Our reports are audit-proof and aligned with the evidence requirements of the respective regulations.    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     What happens after the test, and who implements the measures?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>The report prioritizes findings by risk and provides concrete countermeasures. If desired, we support implementation, verify measures in a retest, and derive a security roadmap from the results. Technical measures are implemented by our defense team. Findings with governance or compliance relevance flow directly into your ISMS and your evidence documentation for ISO 27001, NIS-2, and DORA. Offensive, defense, and governance work in a continuous cycle at carmasec.    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                 <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section id=\"form\" data-anchor-title=\"form\" class=\"m-form-text__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x20@md u-bgcolor-secondary\">\n    <div class=\"o-container u-relative\">\n        <div class=\"o-grid o-grid--center\">\n            <article class=\"o-grid__col u-6\/12@sm u-4\/12@lg u-mb-x6 u-mb-x0@sm\" data-aos=\"none\">\n                <p class=\"h4 u-color-white\">Contact<\/p>\n<h2 class=\"u-color-white\">Ready for a reality check?<\/h2>\n<p class=\"u-color-white\">Want to know how far an attacker could penetrate your infrastructure? In an initial consultation, we\u2019ll work with you to determine which approach is best suited to your specific situation, which systems should be prioritised, and what a realistic threat assessment means for your business.<\/p>\n<div class=\"o-media o-media--res o-media--middle u-mt-x6\">\n<figure class=\"o-media__fixed\"><img decoding=\"async\" class=\"u-image--circle alignleft wp-image-1556 size-thumbnail\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/TBoergers-150x150.jpg\" alt=\"Portr\u00e4tfoto von Timm B\u00f6rgers, Gesch\u00e4ftsf\u00fchrer bei der carmasec.\" width=\"150\" height=\"150\" \/><\/figure>\n<div class=\"o-media__fluid\"><strong class=\"u-color-white\">Timm B\u00f6rgers<\/strong><br \/>\n<span class=\"u-color-white\">Managing Partner<\/span><br \/>\n<a class=\"u-color-white\" href=\"tel:0049201426385905\" target=\"_blank\" rel=\"noopener\">+49 (0)201 426 385 905<\/a><br \/>\n<a class=\"u-color-white\" href=\"mailto:vertrieb@carmasec.com\">vertrieb@carmasec.com<\/a><\/div>\n<\/div>\n\n            <\/article>\n            <div class=\"o-grid__col u-6\/12@sm u-7\/12@lg u-push-1\/12@lg\" data-aos=\"none\">\n                <div class=\"c-card u-bgcolor-gray-blue u-p-x6 u-p-x12@md\">\n                    <script>hbspt.forms.create({portalId: \"144374369\", formId: \"b408abf6-b074-4329-a406-c861cacd7b5e\"});<\/script>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>","protected":false},"excerpt":{"rendered":"","protected":false},"author":4,"featured_media":3457,"parent":3458,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-3586","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Offensive Security | Pentests &amp; Red Teaming | carmasec<\/title>\n<meta name=\"description\" content=\"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Offensive Security\" \/>\n<meta property=\"og:description\" content=\"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/\" \/>\n<meta property=\"og:site_name\" content=\"carmasec\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-10T13:03:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1068\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/\",\"name\":\"Offensive Security | Pentests & Red Teaming | carmasec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/carmasec_effekt.jpg\",\"datePublished\":\"2026-04-13T16:32:32+00:00\",\"dateModified\":\"2026-06-10T13:03:59+00:00\",\"description\":\"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/carmasec_effekt.jpg\",\"contentUrl\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/carmasec_effekt.jpg\",\"width\":1920,\"height\":1068,\"caption\":\"Pie chart showing the three carmasec service areas Compliance, Offensive, and Defense, embedded in the values Security, Done, and Right, against a blue and orange digital data network background\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Services\",\"item\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Offensive Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/\",\"name\":\"carmasec\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Organization\",\"Place\"],\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#organization\",\"name\":\"carmasec GmbH & Co. KG\",\"alternateName\":\"carmasec\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/\",\"logo\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#local-main-organization-logo\"},\"image\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#local-main-organization-logo\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/carmasec\\\/\"],\"description\":\"Die carmasec GmbH & Co. KG ist eine auf Cybersicherheit und Cyberresilienz spezialisierte Beratungsunternehmen mit Sitz in Essen. Das Leistungsspektrum verbindet zwei essenzielle Welten: strategische Compliance und dem Schutz vor Cyberangriffen. Mit einem klaren Fokus auf agile Sicherheitsprozesse unterst\u00fctzt carmasec Kunden branchenneutral und herstellerunabh\u00e4ngig. Das interdisziplin\u00e4re Team integriert langj\u00e4hrige Beratungserfahrung mit modernen Arbeitsweisen, um komplexe Anforderungen \u2013 von ISMS und Risikomanagement bis hin zu Cloud Security und Offensive Security \u2013 effizient umzusetzen. Zu den Kunden z\u00e4hlen der gehobene Mittelstand sowie internationale Konzerne, insbesondere aus Finanz- und Versicherungswesen, Fertigungsindustrie, Automotive sowie Kritischen Infrastrukturen. Mit der etablierten Veranstaltungsreihe \u201efriends of carmasec\\\" schafft das Unternehmen eine zentrale Plattform f\u00fcr den Branchen-Dialog und vernetzt regelm\u00e4\u00dfig Entscheidungstr\u00e4ger:innen und Expert:innen aus der Security-Community. carmasec bef\u00e4higt Organisationen, Risiken ganzheitlich zu managen und digitale Infrastrukturen proaktiv zu sch\u00fctzen.\",\"legalName\":\"carmasec GmbH & Co. KG\",\"foundingDate\":\"2018-12-18\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"},\"telephone\":[],\"openingHoursSpecification\":[{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Monday\",\"Tuesday\",\"Wednesday\",\"Thursday\",\"Friday\",\"Saturday\",\"Sunday\"],\"opens\":\"09:00\",\"closes\":\"17:00\"}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#local-main-organization-logo\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/logo-carmasec.svg\",\"contentUrl\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/logo-carmasec.svg\",\"width\":299,\"height\":40,\"caption\":\"carmasec GmbH & Co. KG\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Offensive Security | Pentests & Red Teaming | carmasec","description":"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","og_locale":"en_US","og_type":"article","og_title":"Offensive Security","og_description":"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.","og_url":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","og_site_name":"carmasec","article_modified_time":"2026-06-10T13:03:59+00:00","og_image":[{"width":1920,"height":1068,"url":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","url":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","name":"Offensive Security | Pentests & Red Teaming | carmasec","isPartOf":{"@id":"https:\/\/www.carmasec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#primaryimage"},"image":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","datePublished":"2026-04-13T16:32:32+00:00","dateModified":"2026-06-10T13:03:59+00:00","description":"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.","breadcrumb":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.carmasec.com\/en\/services\/offensive-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#primaryimage","url":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","contentUrl":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","width":1920,"height":1068,"caption":"Pie chart showing the three carmasec service areas Compliance, Offensive, and Defense, embedded in the values Security, Done, and Right, against a blue and orange digital data network background"},{"@type":"BreadcrumbList","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.carmasec.com\/en\/"},{"@type":"ListItem","position":2,"name":"Services","item":"https:\/\/www.carmasec.com\/en\/services\/"},{"@type":"ListItem","position":3,"name":"Offensive Security"}]},{"@type":"WebSite","@id":"https:\/\/www.carmasec.com\/en\/#website","url":"https:\/\/www.carmasec.com\/en\/","name":"carmasec","description":"","publisher":{"@id":"https:\/\/www.carmasec.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.carmasec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Organization","Place"],"@id":"https:\/\/www.carmasec.com\/en\/#organization","name":"carmasec GmbH & Co. KG","alternateName":"carmasec","url":"https:\/\/www.carmasec.com\/en\/","logo":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#local-main-organization-logo"},"image":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#local-main-organization-logo"},"sameAs":["https:\/\/www.linkedin.com\/company\/carmasec\/"],"description":"Die carmasec GmbH & Co. KG ist eine auf Cybersicherheit und Cyberresilienz spezialisierte Beratungsunternehmen mit Sitz in Essen. Das Leistungsspektrum verbindet zwei essenzielle Welten: strategische Compliance und dem Schutz vor Cyberangriffen. Mit einem klaren Fokus auf agile Sicherheitsprozesse unterst\u00fctzt carmasec Kunden branchenneutral und herstellerunabh\u00e4ngig. Das interdisziplin\u00e4re Team integriert langj\u00e4hrige Beratungserfahrung mit modernen Arbeitsweisen, um komplexe Anforderungen \u2013 von ISMS und Risikomanagement bis hin zu Cloud Security und Offensive Security \u2013 effizient umzusetzen. Zu den Kunden z\u00e4hlen der gehobene Mittelstand sowie internationale Konzerne, insbesondere aus Finanz- und Versicherungswesen, Fertigungsindustrie, Automotive sowie Kritischen Infrastrukturen. Mit der etablierten Veranstaltungsreihe \u201efriends of carmasec\" schafft das Unternehmen eine zentrale Plattform f\u00fcr den Branchen-Dialog und vernetzt regelm\u00e4\u00dfig Entscheidungstr\u00e4ger:innen und Expert:innen aus der Security-Community. carmasec bef\u00e4higt Organisationen, Risiken ganzheitlich zu managen und digitale Infrastrukturen proaktiv zu sch\u00fctzen.","legalName":"carmasec GmbH & Co. KG","foundingDate":"2018-12-18","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"},"telephone":[],"openingHoursSpecification":[{"@type":"OpeningHoursSpecification","dayOfWeek":["Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday"],"opens":"09:00","closes":"17:00"}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#local-main-organization-logo","url":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-carmasec.svg","contentUrl":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-carmasec.svg","width":299,"height":40,"caption":"carmasec GmbH & Co. KG"}]}},"_links":{"self":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/comments?post=3586"}],"version-history":[{"count":4,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3586\/revisions"}],"predecessor-version":[{"id":3835,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3586\/revisions\/3835"}],"up":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/media\/3457"}],"wp:attachment":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/media?parent=3586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}