{"id":3586,"date":"2026-04-13T16:32:32","date_gmt":"2026-04-13T16:32:32","guid":{"rendered":"https:\/\/www.carmasec.com\/services\/offensive-security\/"},"modified":"2026-05-29T12:22:37","modified_gmt":"2026-05-29T12:22:37","slug":"offensive-security","status":"publish","type":"page","link":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","title":{"rendered":"Offensive Security"},"content":{"rendered":"\n<section id=\"m-hero__container-block_9506b38bb8ada65c7cd5d1e8731cf57e\" class=\"m-hero__container  u-color-white u-relative\"><figure class=\"u-absolute u-pos--top u-pos--left u-full--width u-full--height\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1920x700.jpg\" width=\"1920\" height=\"700\" srcset=\"\" sizes=\"(max-width: 1920px) 100vw, 1920px\" alt=\"Blauer Hintergrund\" class=\"u-image--cover\"  \/>\n        <\/figure><div class=\"o-container u-relative u-index--1 u-pt-x20 u-pb-x12 u-pt-x40@md u-pb-x20@md\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-8\/12@md u-mt-x6 u-mt-x0@sm\" data-aos=\"fade\">\n                <h1 class=\"u-color-primary\">Offensive Security<\/h1>\n<h1>Find vulnerabilities. Close risks. Prove security.  <\/h1>\n<p>Rely on security that can be proven. carmasec tests your systems using the same methods real attackers use. Structured. Documented. With priorities your team can implement immediately.    <\/p>\n<p><a class=\"c-btn c-btn__primary u-mt-x3\" href=\"#leistungen\">Our services<\/a> <a class=\"c-btn c-btn--white u-mt-x3\" href=\"#form\">Ready for a pentest?<\/a><\/p>\n\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"services\" data-anchor-title=\"Services\" class=\"m-text__container u-pt-x12 u-pb-x4 u-pt-x20@md u-pb-x28@md u-bgcolor-gray-blue\"><div class=\"o-container u-relative\">\n        <div class=\"o-grid o-grid--center\">\n                <article class=\"o-grid__col u-8\/12@md\" data-aos=\"none\">\n                    <p class=\"u-color-primary h4\" style=\"text-align: center;\">tested. done. right.<\/p>\n<h2 style=\"text-align: center;\">Attacks are increasing and damage is growing rapidly<\/h2>\n<p style=\"text-align: center;\">Successful attacks are rarely accidental. They follow patterns, exploit known gaps, and fail against defenses that have actually been tested. AI is accelerating the attacker side: vulnerability discovery, exploit development, and social engineering are becoming faster, more targeted, and harder to detect. Offensive Security provides that proof. The results show where defensive measures work and where they do not\u2014and create the evidence base required by, among others, NIS-2, DORA, and ISO 27001.    <\/p>\n\n                <\/article>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"services\" data-anchor-title=\"Services\" class=\"m-tiles__container u-pt-x0 u-pb-x20 u-pt-x0@md u-pb-x16@md u-mt--x20@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-security-offense.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Vernetztes-Schutzschild-mit-Haken-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Penetration Testing<\/h4>\n<p>No more guesswork. Your organization knows where it is vulnerable. Every finding is prioritized by risk, the attack path is documented, and concrete countermeasures are provided. Your team knows what to do first.   <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Web application<\/li>\n<li>API<\/li>\n<li>Network<\/li>\n<li>Active Directory<\/li>\n<li>Endpoint<\/li>\n<li>Mobile<\/li>\n<li>Cloud platform<\/li>\n<li>AI pentesting<\/li>\n<\/ul>\n<p><a class=\"c-link__arrow\" href=\"https:\/\/www.carmasec.com\/de\/leistungen\/offensive-security\/penetration-testing\/\">Learn more<\/a><\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-lupe-code.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Code-Analyse-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Red Teaming &#038; TLPT<\/h4>\n<p>Does your detection work when it matters? Over several weeks, we simulate the full attack path through to business-critical processes\u2014based on threat intelligence and real attacker profiles. The result is a robust assessment of your operational resilience. TLPT-compliant under DORA and TIBER-EU.   <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Threat intelligence-led attack simulation<\/li>\n<li>Adversary emulation<\/li>\n<li>TLPT<\/li>\n<li>Detection &#038; response test<\/li>\n<li>Resilience assessment<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-hacker.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Hacker-am-Laptop-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Attack simulations<\/h4>\n<p>Blind spots are what will hit you in an incident. We simulate ransomware behavior, command-and-control communication, and data exfiltration under controlled conditions. You see in black and white what your SOC detects and where it fails. We build on that and sharpen your defense structures in a targeted way.   <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Ransomware simulation<\/li>\n<li>Botnet traffic (C2)<\/li>\n<li>Data exfiltration<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-6\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/icon-person-schild.svg\" width=\"64\" height=\"64\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Nutzer-mit-Schutzschild-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h4>Social Engineering &#038; Awareness<\/h4>\n<p>People are not a security problem. They are a security factor\u2014if they know what attacks look like. Phishing campaigns and live hacking sessions make threats tangible and show where awareness measures actually work.  <\/p>\n<ul class=\"c-list__checkmark\">\n<li>Phishing campaigns<\/li>\n<li>Spear phishing<\/li>\n<li>Awareness training<\/li>\n<li>Live hacking<\/li>\n<\/ul>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height u-color-white u-bgcolor-secondary u-p-x4 u-p-x8@md\">\n                        <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/icon-sprechblasen.svg\" width=\"90\" height=\"89\" srcset=\"\" sizes=\"(max-width: 480px) 100vw, 480px\" alt=\"Sprechblasen-Icon\" class=\" u-relative u-float-right u-image__icon u-image__icon--small\"  \/>\n                        <figcaption class=\"u-relative\"><h3>Not sure which service fits yet?<\/h3>\n<p class=\"h5\">In an initial conversation, we will clarify together which approach makes sense for your situation.<\/p>\n<a href=\"#form\" class=\"c-btn c-btn__primary u-mt-x3\" target=\"_self\">Contact us now<\/a><\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"m-headline__container-block_b1192a5dd3f81ba5081bc17610e289c3\" class=\"m-headline__container u-pt-x8 u-pb-x12 u-pt-x20@md u-pb-x20@md u-bgcolor-gray-blue\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-10\/12@md\" data-aos=\"none\"><h3>Why act now?<\/h3><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"m-tiles__container-block_bc3c1dff2076bdfcf90e33ff71a20488\" class=\"m-tiles__container u-pt-x4 u-pb-x8 u-pt-x12@md u-pb-x20@md u-bgcolor-gray-blue u-mt--x20@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>Increasing Threat Landscape<\/h6>\n<p>Cloud, AI systems, IoT, and hybrid work models continuously expand the attack surface. Attackers use automated tools and orchestrated campaigns. <\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>AI as an Attacker Tool<\/h6>\n<p>AI accelerates the attacker side. Phishing becomes more precise, exploits are developed faster, attack chains become harder to detect. <\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>Regulatory Pressure<\/h6>\n<p>NIS-2, DORA, CRA, and EU AI Act make technical security assessments a mandatory requirement.<\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n                <div class=\"o-grid__col u-mb-x4 u-6\/12@sm u-12\/12@md\" data-aos=\"none\">\n                \n                    <figure class=\"c-card u-relative u-block u-full--height c-card--border u-bgcolor-white u-p-x4 u-p-x8@md\">\n                        \n                        <figcaption class=\"u-relative\"><h6>Resilience instead of pure defense<\/h6>\n<p>Ransomware attacks, IT outages, and supply chain disruptions can paralyze business processes within minutes. What matters is whether the organization remains capable of action. <\/p>\n<\/figcaption>\n                    <\/figure>\n                    \n                <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"m-quote__container-block_8b6c5d28af945ffd7b5eeac283235f19\" class=\"m-quote__container u-pt-x8 u-pb-x12 u-pt-x20@md u-pb-x20@md\">\n    <div class=\"o-container u-relative u-ph-x0\"><div class=\"m-slider__quote m-slider__quote--image\">\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-5\/12@sm u-3\/12@md u-text-center u-text-left@sm u-mb-x6 u-mb-x0@sm\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419.jpg\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419.jpg 1024w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419-300x300.jpg 300w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419-150x150.jpg 150w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Pwaffenschmitt-e1774896657419-768x768.jpg 768w\" sizes=\"(max-width: 640px) 100vw, 640px\" alt=\"L\u00e4chelndes Portr\u00e4tfoto von Pascal Waffenschmidt, Senior Security Consultant bei der carmasec.\" class=\"u-image--circle u-ph-x12 u-ph-x0@sm\"  \/>\n                        <\/div>\n                        <article class=\"o-grid__col u-5\/12@sm u-push-1\/12@md u-text-center u-text-left@sm\"><blockquote class=\"h4 u-weight-regular\">27 Sekunden ist der Rekord. 65 % schneller als noch ein Jahr zuvor. Angriffe skalieren mit KI &#8211; Sichtbarkeit auf die eigene Angriffsfl\u00e4che nicht. Genau da entsteht das Risiko. Was passiert in dieser Zeit bei euch?<\/blockquote><p class=\"o-type-small\"><strong>Pascal Waffenschmidt<\/strong>, Senior Security Consultant<\/p><\/article>\n                    <\/div>\n                <\/div><\/div>\n    <\/div>\n<\/section>\n<section\n    id=\"m-media-text__container-block_951e396727744a9f5dd495a8f174da38\"    class=\"u-relative m-media-text__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x20@md u-color-white u-bgcolor-gray-blue\"\n>\n    <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1024x570.jpg\" width=\"1024\" height=\"570\" srcset=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1024x570.jpg 1024w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-300x167.jpg 300w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-768x427.jpg 768w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero-1536x854.jpg 1536w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/background-image-hero.jpg 1920w\" sizes=\"(max-width: 1380px) 100vw, 1380px\" alt=\"Blauer Hintergrund\" class=\"u-absolute u-pos--top u-pos--left u-full--width u-full--height\"  \/>\n    <div class=\"o-container u-relative\">\n        \n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                <figure class=\"m-media-text__image o-grid__col u-6\/12@sm u-5\/12@md u-text-center u-mb-x6 u-mb-x0@sm\" data-aos=\"fade\">\n                    <img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID.jpg\" width=\"1000\" height=\"750\" srcset=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID.jpg 1000w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID-300x225.jpg 300w, https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/03\/Mookup_-Leadmagnet_Playbook_TID-768x576.jpg 768w\" sizes=\"(max-width: 640px) 100vw, 640px\" alt=\"Vorschau des carmasec-Playbooks \"Threat-Informed Defense: Weniger Risiko, mehr Resilienz\" f\u00fcr CISOs und IT-Abteilungen\" class=\" u-image--rounded-large\"  \/>                <\/figure>\n\n                <article class=\"m-media-text__content o-grid__col u-6\/12@sm u-6\/12@md u-push-1\/12@md\" data-aos=\"fade\">\n                    <h2>Weniger Risiko, mehr Resilienz.<\/h2>\n<h4>Wie Compliance und echte Abwehr zusammenwirken.<\/h4>\n<p>Dieses Playbook zeigt CISOs und IT-Sicherheitsteams, wie Schutzma\u00dfnahmen dort greifen, wo Angreifende wirklich ansetzen.<\/p>\n<p><a class=\"c-btn c-btn--white u-mt-x3\" href=\"https:\/\/www.carmasec.com\/de\/knowledge-center\/threat-informed-defense-echte-angriffstechniken\/\">Download Whitepaper<\/a><\/p>\n                <\/article>\n            <\/div>\n\n        \n            <\/div>\n<\/section>\n<section id=\"m-headline__container-block_4a9a1b5ba061be958659e8f1a4a04475\" class=\"m-headline__container u-pt-x8 u-pb-x0 u-pt-x20@md u-pb-x0@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-10\/12@md\" data-aos=\"none\"><h2>Whether start-up, mid-sized company, or corporation: We find the right solution<\/h2><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"m-slider__container-block_87fb75051ed01bb931acb3ad09e2abfb\" class=\"m-slider__container u-pt-x0 u-pb-x8 u-pt-x4@md u-pb-x16@md\"><div class=\"m-slider\" data-number=\"7\" data-rows=\"1\" data-autoslide=\"1\" data-indent=\"1\" data-arrows=\"true\"><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-barmenia.svg\" width=\"81\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Barmenia\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-bruker.png\" width=\"113\" height=\"60\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Bruker\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-deutsche-bahn.svg\" width=\"74\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Deutsche Bahn\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-fashionette.svg\" width=\"156\" height=\"25\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Fashionette\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-raisinbank.svg\" width=\"155\" height=\"36\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Raisin Bank\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-vorwerk.svg\" width=\"135\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Vorwerk\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-barmenia-1.svg\" width=\"81\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Barmenia\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-bruker-1.png\" width=\"113\" height=\"60\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Bruker\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-deutsche-bahn-1.svg\" width=\"74\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Deutsche Bahn\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-fashionette-1.svg\" width=\"156\" height=\"25\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Fashionette AG\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-raisinbank-1.svg\" width=\"155\" height=\"36\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Raisin Bank AG\" class=\"\"  \/><\/figure><figure class=\"u-flex u-ai-center u-jc-center u-relative u-p-x6 u-image__logo\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-vorwerk-1.svg\" width=\"135\" height=\"52\" srcset=\"\" sizes=\"(max-width: 400px) 100vw, 400px\" alt=\"Logo von Vorwerk\" class=\"\"  \/><\/figure>\n\t    <\/div><div class=\"carousel__arrows\"><\/div>\n<\/section>\n<section id=\"m-headline__container-block_6f5828c10c23567c6e05e3a7b7f53f19\" class=\"m-headline__container u-pt-x8 u-pb-x0 u-pt-x20@md u-pb-x0@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center u-text-center\">\n            <div class=\"o-grid__col u-12\/12@md\" data-aos=\"none\"><h4>Trust is built through results<\/h4><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"m-quote__container-block_f16b30695ffa5ef7578dc0c1f4c527aa\" class=\"m-quote__container u-pt-x8 u-pb-x16 u-pt-x20@md u-pb-x40@md\">\n    <div class=\"o-container u-relative u-ph-x0\"><div class=\"m-slider__quote m-slider__quote--fact\">\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">100%<\/p>\n<p style=\"text-align: center;\">der zugesagten Projektziele erreicht<\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">\u00bbProfessionell, flexibel, nahbar und vor allem: erfolgreich. carmasec hat geliefert, was versprochen wurde.\u00ab<\/blockquote><div class=\"o-media o-media--middle\"><figure class=\"o-media__fixed\"><img decoding=\"async\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-bruker.png\" width=\"113\" height=\"60\" srcset=\"\" sizes=\"(max-width: 60px) 100vw, 60px\" alt=\"Logo von Bruker\" class=\"u-image--circle u-image--small\"  \/><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>Bruker Optics<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div>\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">40%<\/p>\n<p style=\"text-align: center;\"><strong>mehr Transparenz \u00fcber den Sicherheitsstatus durch definierte KPIs<\/strong><\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">\u00bbMit Unterst\u00fctzung von carmasec haben wir KPIs definiert und einen h\u00f6heren Grad an Transparenz und Akzeptanz geschaffen.\u00ab<\/blockquote><div class=\"o-media o-media--middle\"><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>DKV Mobility Services<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div>\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">100%<\/p>\n<p style=\"text-align: center;\"><strong>der Projektergebnisse dokumentiert und nachweisbar \u00fcbergeben<\/strong><\/p>\n<p>&nbsp;<\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">\u00bbMit carmasec fanden wir einen vertrauensw\u00fcrdigen Partner, der uns bei der Umsetzung unterst\u00fctzte und einen umfangreichen Ergebnisbericht lieferte. Wir empfehlen carmasec uneingeschr\u00e4nkt weiter.\u00ab<\/blockquote><div class=\"o-media o-media--middle\"><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>ELIGO<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div>\n                <div class=\"m-slider__quoteInner u-ph-x6 u-ph-x0@md\">\n                    <div class=\"o-grid o-grid--center o-grid--middle\">\n                        <div class=\"o-grid__col u-3\/12@md u-full--height u-mb-x6 u-mb-x0@sm\">\n                                <div class=\"c-card u-color-white u-bgcolor-secondary u-full--height u-text-center u-p-x4 u-p-x8@md\"><p class=\"o-type-mega\" style=\"text-align: center;\">100%<\/p>\n<p style=\"text-align: center;\"><strong>der identifizierten Schwachstellen mit konkreten Handlungsempfehlungen dokumentiert<\/strong><\/p>\n<p>&nbsp;<\/p>\n<\/div>\n                        <\/div>\n                        <article class=\"o-grid__col u-7\/12@md u-full--height\">\n                            <div class=\"c-card u-bgcolor-gray-blue u-full--height u-p-x6 u-p-x12@md\"><blockquote class=\"h4 u-weight-regular\">\u00bbcarmasec leistete einen nennenswerten Beitrag zur Sicherheit unserer Dienste. Professionelle Beratung, saubere Durchf\u00fchrung. F\u00fcr Infrastruktur-Pentests empfehlen wir carmasec uneingeschr\u00e4nkt.\u00ab<\/blockquote><div class=\"o-media o-media--middle\"><\/figure>\n                                    <div class=\"o-media__fluid\">\n                                        <p class=\"o-type-small u-mb-x0\"><strong>tyntec GmbH<\/strong><\/p><\/div>\n                                <\/div>\n                            <\/div><\/article>\n                    <\/div>\n                <\/div><\/div>\n    <\/div>\n<\/section>\n<section id=\"m-facts__container-block_63582cfe3d6245d30537161473901ff6\" class=\"m-facts__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x16@md u-bgcolor-gray-blue\">\n    <div class=\"o-container\">\n        <div class=\"o-grid o-grid--center\">\n            <div class=\"o-grid__col u-6\/12@sm u-4\/12@md u-3\/12@lg m-facts__left--horizontal u-mb-x6 u-mb-x0@md\" data-aos=\"none\"><h2>Warum carmasec?<\/h2>\n<p>Viele Anbieter testen. Der Unterschied liegt darin, was danach passiert.<\/p>\n<\/div>\n            <div class=\"o-grid__col u-6\/12@sm u-6\/12@md u-4\/12@lg u-push-1\/12@md m-facts__right--horizontal\">\n                    <div class=\"m-fact__item u-mb-x6\" data-aos=\"none\">\n                        <p class=\"m-fact__headline h3 u-mb-x2\">Threat Informed Defense als Methodik<\/p>\n                        <p class=\"m-fact__text o-type-small\">Unsere Angriffssimulationen basieren auf dokumentierten Techniken realer Angreifer:innen nach MITRE ATT&#038;CK. Kein generischer Scope. <br \/>\r\n<\/p>\n                    <\/div>\n                    <div class=\"m-fact__item u-mb-x6\" data-aos=\"none\">\n                        <p class=\"m-fact__headline h3 u-mb-x2\">Vendor-unabh\u00e4ngig<\/p>\n                        <p class=\"m-fact__text o-type-small\">Wir empfehlen keine Tools, weil wir deren Partner sind. Wir empfehlen, was fachlich passt. Das gilt f\u00fcr Methoden, f\u00fcr Scope und f\u00fcr den Bericht.<\/p>\n                    <\/div>\n                    <div class=\"m-fact__item u-mb-x6\" data-aos=\"none\">\n                        <p class=\"m-fact__headline h3 u-mb-x2\">Pers\u00f6nlich<\/p>\n                        <p class=\"m-fact__text o-type-small\">Kein Ticket-System, kein offshore Delivery. Direkte Kommunikation mit den Expert:innen, die testen.<\/p>\n                    <\/div><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"m-headline__container-block_4869f3b7ce34570ca0beb7e1d9a01c74\" class=\"m-headline__container u-pt-x8 u-pb-x0 u-pt-x20@md u-pb-x0@md\">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n            <div class=\"o-grid__col u-12\/12@md\" data-aos=\"none\"><h2>Frequently asked questions about Offensive Security<\/h2><\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"m-accordion__container-block_1d114e72b7e1cfdc6ebf90c8cca47b52\" class=\"m-accordion__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x20@md \">\n    <div class=\"o-container\">\n        <div class=\"o-grid\">\n            <div class=\"o-grid__col u-12\/12@md\">\n                <div class=\"m-accordion\" itemscope itemtype=\"https:\/\/schema.org\/FAQPage\">\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     How does a manual pentest differ from a vulnerability scan?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>A vulnerability scan runs automated checks based on known patterns. A manual pentest combines this baseline with creative approaches, tailored attack chains, and context about your specific environment. This produces realistic scenarios that automated tools alone cannot replicate.  <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     How often should we run penetration tests?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>At least annually. In addition, after significant changes such as new applications, major releases, cloud migrations, or new AI solutions. For particularly critical systems, a shorter cycle may be appropriate.  <\/p>\n<p>&nbsp;<\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Do we only receive a report, or do you also support implementation?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Both are possible. By default, you receive clear, risk-based reporting. If desired, we support implementation, the remediation roadmap, and technical hardening. Including a retest.   <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     What is the difference between a penetration test and red teaming, and when do we need which?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>A penetration test assesses defined systems within a limited time frame. The goal is a comprehensive vulnerability analysis with documented findings. Red teaming simulates a real attack over weeks without a defined scope, based on actual attacker profiles. The goal is not full coverage, but proof of whether an attacker can reach a business-critical objective. If you want to know where vulnerabilities are, you need a pentest. If you want to know whether your detection and response work in an incident, you need red teaming.     <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     We are not a financial institution. Is TLPT still relevant for us? \n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>TLPT is a regulatory requirement for certain financial institutions under DORA. For everyone else, the principle is still relevant: threat-led penetration testing aligns attack simulations with real threat profiles, not generic checklists. Organizations that operate critical infrastructure or work in regulated industries benefit from the same approach without a formal TLPT obligation.  <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Our development teams work agile. How can Offensive Security be integrated into ongoing release cycles? \n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Offensive Security does not have to be treated as a one-off project. Penetration tests can be limited to individual releases or new features. Attack simulations can run in parallel with operations. During scoping, we define together which approach fits your development cycles without interrupting operations.   <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     What exactly does an attack simulation test that a classic pentest does not cover?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>A penetration test finds vulnerabilities. An attack simulation tests whether your detection and response mechanisms identify those vulnerabilities and respond correctly. Ransomware behavior, command-and-control traffic, and data exfiltration are replicated under controlled conditions. The key question is not only: Is there a gap? But: Would your SOC notice an attack through it?    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Do our employees need to know that a phishing campaign is running?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>That depends on the objective. Unannounced campaigns deliver more realistic results on the organization\u2019s actual maturity level. Announced campaigns have a stronger awareness effect. Both are possible and legally permissible if the framework conditions are clearly defined. We clarify this during scoping together with your HR and legal departments.    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     How do you protect confidential systems and data during an engagement?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Every engagement starts with a defined scoping document: target systems, exclusions, time windows, points of contact, and emergency processes. We work exclusively within the agreed framework. Findings are transmitted in encrypted form and are not communicated via insecure channels. Confidentiality is governed contractually.   <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     Do penetration tests and red teaming meet the requirements of NIS-2 and DORA?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>Yes. DORA requires regular resilience testing for certain financial institutions, including TLPT under TIBER-EU. NIS-2 expects technical security testing as part of risk management. ISO 27001 requires evidence that implemented controls have been tested for effectiveness. Our reports are audit-proof and aligned with the evidence requirements of the respective regulations.    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                         <div class=\"m-accordion__item u-bgcolor-white u-mb-x2\" itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" data-aos=\"none\">\n                             <div class=\"m-accordion__header u-relative u-pv-x2 u-pv-x4@sm u-ph-x3 u-ph-x6@sm\">\n                                 <p class=\"h6 u-mb-x0\" itemprop=\"name\">\n                                     What happens after the test, and who implements the measures?\n                                 <\/p>\n                             <\/div>\n                             <div class=\"m-accordion__body u-relative u-index--1\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\">\n                                 <div class=\"u-ph-x3 u-ph-x6@sm u-pb-x2\" itemprop=\"text\"><p>The report prioritizes findings by risk and provides concrete countermeasures. If desired, we support implementation, verify measures in a retest, and derive a security roadmap from the results. Technical measures are implemented by our defense team. Findings with governance or compliance relevance flow directly into your ISMS and your evidence documentation for ISO 27001, NIS-2, and DORA. Offensive, defense, and governance work in a continuous cycle at carmasec.    <\/p>\n<\/div>\n                             <\/div>\n                         <\/div>\n                 <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"form\" data-anchor-title=\"form\" class=\"m-form-text__container u-pt-x8 u-pb-x8 u-pt-x20@md u-pb-x20@md u-bgcolor-secondary\">\n    <div class=\"o-container u-relative\">\n        <div class=\"o-grid o-grid--center\">\n            <article class=\"o-grid__col u-6\/12@sm u-4\/12@lg u-mb-x6 u-mb-x0@sm\" data-aos=\"none\">\n                <p class=\"h4 u-color-white\">Kontakt<\/p>\n<h2 class=\"u-color-white\">Bereit f\u00fcr den Realit\u00e4tscheck?<\/h2>\n<p class=\"u-color-white\">Du willst wissen, wie weit ein Angreifender in die eigene Infrastruktur vordringen w\u00fcrde? In einem ersten Gespr\u00e4ch kl\u00e4ren wir gemeinsam, welcher Ansatz zur konkreten Situation passt, welche Systeme im Fokus stehen sollten und was ein realistisches Bedrohungsbild f\u00fcr euer Unternehmen bedeutet.<\/p>\n<div class=\"o-media o-media--res o-media--middle u-mt-x6\">\n<figure class=\"o-media__fixed\"><img decoding=\"async\" class=\"u-image--circle alignleft wp-image-1556 size-thumbnail\" src=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/TBoergers-150x150.jpg\" alt=\"Portr\u00e4tfoto von Timm B\u00f6rgers, Gesch\u00e4ftsf\u00fchrer bei der carmasec.\" width=\"150\" height=\"150\" \/><\/figure>\n<div class=\"o-media__fluid\"><strong class=\"u-color-white\">Timm B\u00f6rgers<\/strong><br \/>\n<span class=\"u-color-white\">Gesch\u00e4ftsf\u00fchrer<\/span><br \/>\n<a class=\"u-color-white\" href=\"tel:0049201426385905\" target=\"_blank\" rel=\"noopener\">+49 (0)201 426 385 905<\/a><br \/>\n<a class=\"u-color-white\" href=\"mailto:vertrieb@carmasec.com\">vertrieb@carmasec.com<\/a><\/div>\n<\/div>\n\n            <\/article>\n            <div class=\"o-grid__col u-6\/12@sm u-7\/12@lg u-push-1\/12@lg\" data-aos=\"none\">\n                <div class=\"c-card u-bgcolor-gray-blue u-p-x6 u-p-x12@md\">\n                    <script>hbspt.forms.create({portalId: \"144374369\", formId: \"a8bcc202-a8a1-45c8-ab43-e23af62f6711\"});<\/script>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>","protected":false},"excerpt":{"rendered":"","protected":false},"author":4,"featured_media":3457,"parent":3458,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-3586","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Offensive Security | Pentests &amp; Red Teaming | carmasec<\/title>\n<meta name=\"description\" content=\"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Offensive Security\" \/>\n<meta property=\"og:description\" content=\"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/\" \/>\n<meta property=\"og:site_name\" content=\"carmasec\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-29T12:22:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1068\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/\",\"name\":\"Offensive Security | Pentests & Red Teaming | carmasec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/carmasec_effekt.jpg\",\"datePublished\":\"2026-04-13T16:32:32+00:00\",\"dateModified\":\"2026-05-29T12:22:37+00:00\",\"description\":\"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/carmasec_effekt.jpg\",\"contentUrl\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/carmasec_effekt.jpg\",\"width\":1920,\"height\":1068,\"caption\":\"Pie chart showing the three carmasec service areas Compliance, Offensive, and Defense, embedded in the values Security, Done, and Right, against a blue and orange digital data network background\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Services\",\"item\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Offensive Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/\",\"name\":\"carmasec\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Organization\",\"Place\"],\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/#organization\",\"name\":\"carmasec GmbH & Co. KG\",\"alternateName\":\"carmasec\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/\",\"logo\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#local-main-organization-logo\"},\"image\":{\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#local-main-organization-logo\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/carmasec\\\/\"],\"description\":\"Die carmasec GmbH & Co. KG ist eine auf Cybersicherheit und Cyberresilienz spezialisierte Beratungsunternehmen mit Sitz in Essen. Das Leistungsspektrum verbindet zwei essenzielle Welten: strategische Compliance und dem Schutz vor Cyberangriffen. Mit einem klaren Fokus auf agile Sicherheitsprozesse unterst\u00fctzt carmasec Kunden branchenneutral und herstellerunabh\u00e4ngig. Das interdisziplin\u00e4re Team integriert langj\u00e4hrige Beratungserfahrung mit modernen Arbeitsweisen, um komplexe Anforderungen \u2013 von ISMS und Risikomanagement bis hin zu Cloud Security und Offensive Security \u2013 effizient umzusetzen. Zu den Kunden z\u00e4hlen der gehobene Mittelstand sowie internationale Konzerne, insbesondere aus Finanz- und Versicherungswesen, Fertigungsindustrie, Automotive sowie Kritischen Infrastrukturen. Mit der etablierten Veranstaltungsreihe \u201efriends of carmasec\\\" schafft das Unternehmen eine zentrale Plattform f\u00fcr den Branchen-Dialog und vernetzt regelm\u00e4\u00dfig Entscheidungstr\u00e4ger:innen und Expert:innen aus der Security-Community. carmasec bef\u00e4higt Organisationen, Risiken ganzheitlich zu managen und digitale Infrastrukturen proaktiv zu sch\u00fctzen.\",\"legalName\":\"carmasec GmbH & Co. KG\",\"foundingDate\":\"2018-12-18\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"},\"telephone\":[],\"openingHoursSpecification\":[{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Monday\",\"Tuesday\",\"Wednesday\",\"Thursday\",\"Friday\",\"Saturday\",\"Sunday\"],\"opens\":\"09:00\",\"closes\":\"17:00\"}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.carmasec.com\\\/en\\\/services\\\/offensive-security\\\/#local-main-organization-logo\",\"url\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/logo-carmasec.svg\",\"contentUrl\":\"https:\\\/\\\/www.carmasec.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/logo-carmasec.svg\",\"width\":299,\"height\":40,\"caption\":\"carmasec GmbH & Co. KG\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Offensive Security | Pentests & Red Teaming | carmasec","description":"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","og_locale":"en_US","og_type":"article","og_title":"Offensive Security","og_description":"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.","og_url":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","og_site_name":"carmasec","article_modified_time":"2026-05-29T12:22:37+00:00","og_image":[{"width":1920,"height":1068,"url":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","url":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/","name":"Offensive Security | Pentests & Red Teaming | carmasec","isPartOf":{"@id":"https:\/\/www.carmasec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#primaryimage"},"image":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","datePublished":"2026-04-13T16:32:32+00:00","dateModified":"2026-05-29T12:22:37+00:00","description":"Test your defenses under real-world conditions. Penetration tests, red teaming, and code reviews by senior experts. No subcontracting.","breadcrumb":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.carmasec.com\/en\/services\/offensive-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#primaryimage","url":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","contentUrl":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/04\/carmasec_effekt.jpg","width":1920,"height":1068,"caption":"Pie chart showing the three carmasec service areas Compliance, Offensive, and Defense, embedded in the values Security, Done, and Right, against a blue and orange digital data network background"},{"@type":"BreadcrumbList","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.carmasec.com\/en\/"},{"@type":"ListItem","position":2,"name":"Services","item":"https:\/\/www.carmasec.com\/en\/services\/"},{"@type":"ListItem","position":3,"name":"Offensive Security"}]},{"@type":"WebSite","@id":"https:\/\/www.carmasec.com\/en\/#website","url":"https:\/\/www.carmasec.com\/en\/","name":"carmasec","description":"","publisher":{"@id":"https:\/\/www.carmasec.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.carmasec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Organization","Place"],"@id":"https:\/\/www.carmasec.com\/en\/#organization","name":"carmasec GmbH & Co. KG","alternateName":"carmasec","url":"https:\/\/www.carmasec.com\/en\/","logo":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#local-main-organization-logo"},"image":{"@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#local-main-organization-logo"},"sameAs":["https:\/\/www.linkedin.com\/company\/carmasec\/"],"description":"Die carmasec GmbH & Co. KG ist eine auf Cybersicherheit und Cyberresilienz spezialisierte Beratungsunternehmen mit Sitz in Essen. Das Leistungsspektrum verbindet zwei essenzielle Welten: strategische Compliance und dem Schutz vor Cyberangriffen. Mit einem klaren Fokus auf agile Sicherheitsprozesse unterst\u00fctzt carmasec Kunden branchenneutral und herstellerunabh\u00e4ngig. Das interdisziplin\u00e4re Team integriert langj\u00e4hrige Beratungserfahrung mit modernen Arbeitsweisen, um komplexe Anforderungen \u2013 von ISMS und Risikomanagement bis hin zu Cloud Security und Offensive Security \u2013 effizient umzusetzen. Zu den Kunden z\u00e4hlen der gehobene Mittelstand sowie internationale Konzerne, insbesondere aus Finanz- und Versicherungswesen, Fertigungsindustrie, Automotive sowie Kritischen Infrastrukturen. Mit der etablierten Veranstaltungsreihe \u201efriends of carmasec\" schafft das Unternehmen eine zentrale Plattform f\u00fcr den Branchen-Dialog und vernetzt regelm\u00e4\u00dfig Entscheidungstr\u00e4ger:innen und Expert:innen aus der Security-Community. carmasec bef\u00e4higt Organisationen, Risiken ganzheitlich zu managen und digitale Infrastrukturen proaktiv zu sch\u00fctzen.","legalName":"carmasec GmbH & Co. KG","foundingDate":"2018-12-18","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"},"telephone":[],"openingHoursSpecification":[{"@type":"OpeningHoursSpecification","dayOfWeek":["Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday"],"opens":"09:00","closes":"17:00"}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carmasec.com\/en\/services\/offensive-security\/#local-main-organization-logo","url":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-carmasec.svg","contentUrl":"https:\/\/www.carmasec.com\/wp-content\/uploads\/2026\/02\/logo-carmasec.svg","width":299,"height":40,"caption":"carmasec GmbH & Co. KG"}]}},"_links":{"self":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/comments?post=3586"}],"version-history":[{"count":1,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3586\/revisions"}],"predecessor-version":[{"id":3587,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3586\/revisions\/3587"}],"up":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/pages\/3458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/media\/3457"}],"wp:attachment":[{"href":"https:\/\/www.carmasec.com\/en\/wp-json\/wp\/v2\/media?parent=3586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}