SERVICES

Vulnerability Assessment icon

VULNERABILITY ASSESSMENTS


Not ready for a full-blown Penetration Test? Vulnerability Assessments can provide an overview of your organization's security posture by identifying known security weaknesses, so your organization can establish an acceptable security baseline.

Penetration Testing icon

PENETRATION TESTING


A Penetration Test is a controlled simulation of real-world attacks against your organization. We take on the role of the attacker and try to compromise your systems to tell you how we did it.

Security Workshop icon

SECURITY WORKSHOPS


Want to bolster your personnel's security knowledge? We provide training workshops with live demos of real attacks so your employees can stay abreast of current threats. Highly recommended for web developers.

Vulnerability Assessment icon

VULNERABILITY ASSESSMENTS


WHAT

Our Vulnerability Assessments aim to identify and prioritize as many known security weaknesses affecting your Internet-facing systems as possible.

Vulnerability Assessments differ from Penetration Testing because they focus on breadth over depth and do not try to simulate an advanced adversary.

WHY

If your organization is not mature enough from a security standpoint, performing periodic Vulnerability Assessments can add the most value in helping you establish a minimum acceptable security baseline.

Vulnerability Assessments can also help organizations stay abreast of new, publicly disclosed weaknesses as soon as they are discovered because they are performed much more frequently than one-off engagements.

RUNESEC APPROACH

We carry out Vulnerability Assessments following a list-based approach with a focus on identifying as many known security weaknesses as possible. We use automated scanning tools, combined with manual testing to reduce or eliminate false positives.

SCOPE

Our Vulnerability Assessments can cover any Internet-facing systems, but without utilizing any credentials. We offer Vulnerability Assessments as an on-going service that can be purchased monthly, quarterly, or bi-annually per 12-month period.

Penetration Testing icon

PENETRATION TESTING


WHAT

A Penetration Test is a controlled simulation of real-world attacks that targets your organization to determine the possible likelihood of a security compromise, identify the associated risks you would be exposed to and demonstrate the full business impact this would have on your organization.

WHY

Why perform a pentest? Because you have assets that are worth protecting, assets such as your data, your clients, your customers and your business. Because you want to find out if the protections you've put in place can withstand a targeted attack from an advanced adversary. Because you want to improve your overall security posture.

SCOPE

The scope defines what is to be tested. In short, the scope is everything. The following can be included as part of the scope:

  • Infrastructure components
  • Web Applications
  • Mobile & Desktop Applications
  • Employees (Social Engineering)
  • Physical Security controls
  • Wireless Network components

RUNESEC APPROACH

We carry out Penetration Testing engagements with a focus on demonstrating MAXIMUM business impact. We don't just exploit security weaknesses to show they're there. We plan and execute precise attacks by exploiting multiple weaknesses in conjunction with one another.

Our simulated attacks follow a goal-oriented approach, tailored to each industry and each client, by modelling potential threats and targeting the Information Assets of your organization that are likely to come under fire.

WHY US

We don't limit ourselves to predefined checklists, and don't rely solely on automated scanning tools. We pride ourselves in our skills and abilities to perform extensive MANUAL TESTING to uncover weaknesses that would go undetected by such tools.

We leverage our offensive capabilities to identify the root cause of security weaknesses in order to provide clear, concise and thoroughly-researched mitigation strategies, that will help your organization PROTECT its business.

WE ARE HERE TO HELP

What we don't do is point the finger and assign blame. We're not trying to make you look bad; we want to work WITH you to help you plug the holes in your defences before someone else finds them.

The final stage of a Penetration Test is the delivery of a Report with detailed mitigation strategies, both at a procedural level and for individual weaknesses, that will help you enhance your overall security posture.

Security Workshops icon

SECURITY WORKSHOPS


WHAT

The old cliche that "People are the weakest link" in the security chain is only half true. Our Security Workshops aim to empower your employees by educating them about real-world security threats. We show you how actual attackers think and break down attacks, step-by-step, so your people can understand how they can protect your organization.

WHY

Do you want to build a security-focused culture within your organization? Do you want to help your personnel defend against Social Engineering? Do you want to help your developers write more secure code? Do you want to make sure your sysadmins think about security? Then do something by providing them the opportunity to learn how attackers think and operate.

RUNESEC APPROACH

We don't just read slides off of a projector; we carry out LIVE DEMOS using intentionally vulnerable environments - we either use existing ones, or we develop our own to mimic the technologies you use. We also love posing challenges to the audience and answering questions.

SCOPE

Like we said, the scope is everything. We offer the following workshops, each targeted towards a specific audience:

  • Security Awareness training for Employees
  • Security for Developers
  • Security for Sysadmins

ABOUT

OUR STORY

RUNESEC is a Cyprus company that offers OFFENSIVE Information Security Assessment Services, formed by a small team of highly-skilled individuals who share a strong passion for Computer Security. We strive to provide an uncompromising quality of work through our pursuit of knowledge and desire to hone our skills.

Our combined experience in providing Information Security assessment services includes clients such as Government agencies (local and foreign), the biggest Banks and largest Telecommunications providers in Cyprus, Payment Gateway providers, Forex companies, Insurance agencies, Oil & Gas multinationals and global Construction companies.

Image illustrating a man in a hoodie

OUR PHILOSOPHY

We believe in giving back knowledge and code to the local and global Infosec communities through our own independent research and development efforts.

Our goals reflect our philosophy:

  • To become the best offensive information security team in Cyprus.
  • To conduct security research and responsibly disclose any vulnerabilities we find.
  • To increase the Information Security awareness within our local community through knowledge sharing.
Image illustrating the hacker's emblem

MEET THE TEAM

Image of Simon

Simon Loizides

INTEREST Post-Exploitation
FAVOURITE TOOL Metasploit
FAVOURITE OS Arch Linux
Give me six hours to chop down a tree and I will spend the first four sharpening the axe.
Simon likes to stay prepared for stuff by climbing trees and the occasional rope.

Image of Nicolas

Nicolas Markitanis

INTEREST Mobile App Security
FAVOURITE TOOL mitmproxy
FAVOURITE OS Linux Mint
In the age of information, ignorance is a choice.
Nicolas likes to dabble in a little bit of everything, especially sciences and books.

Image of Marios

Marios Nicolaides

INTEREST Web App Security
FAVOURITE TOOL Burp Suite
FAVOURITE OS Linux Mint
A fool with a tool is still a fool.
Marios likes to spend his time reading hacking books and mastering his backgammon skills.

CONTACT

TELEPHONE

+357 22262653

REQUEST FOR PROPOSALS

info@runesec.com

PGP

Fingerprint: 05CA 12FF 9336 3AA0 B7D9 7AEA A4E2 384D 3841 71EF

PGP Key (Click to download)

DIGEST

RUNESEC is always looking to meet individuals who share our passion for Information Security. If you've got something cool to share like a tool, a paper, an exploit, your CV (although we currently have no vacancies) or even an interesting question, feel free to drop us a line (no phishing)!