


Our offensive services cover a wide range of ethical hacking techniques and methods, which are conducted from an attacker's perspective. Ethical hacking is an umbrella term covering methods such as penetration testing, red teaming, war games, social engineering, etc.


The goal of these tests is to identify vulnerabilities and other security risks in the client's networks, web and mobile applications. The results and analysis of these tests provide an excellent foundation for the client to create an effective remediation plan, which can reduce the likelihood of future attacks. Well-documented ethical hacking projects can help organizations become more security-conscious by creating security policies for the whole infrastructure, including the human factor.


Nowadays, ethical hacking tests are essential in the life of a corporate organization, not just because of the growing number of malware, ransomware and other malicious attacks, but also to ensure compliance with IT security rules and laws.





Penetration testing is an advanced ethical hacking method, during which our assessors use an OWASP-based methodology to provide a security review of the client's networks and/or applications.

The process begins with detailed research and scanning of the architecture and environment, using 80% manual and 20% automated testing to identify possible vulnerabilities in the networks and/or applications in scope.

After the vulnerability assessment, which provides a solid foundation for further analysis, an exploitation phase follows. In this phase, assessors try to exploit the vulnerabilities found in order to detect security weaknesses and risks.

At the end of the tests, our team creates a detailed report on the vulnerability findings, with severity levels and a remediation plan.




Penetration testing is essential for every organization, because it helps find and fix security risks in the environment.






Cyber attacks can come from various sources and with different purposes. Because of this, firms fear not only for their own safety, but also being held responsible for 'letting' hackers use their resources to attack other companies. A well-planned security system is the combination of communications, computer, network and physical security. To achieve this, policies need to be implemented that prevent the unauthorized use of the corporation's information assets, and proactive risk management becomes crucial.

The main goal of red teaming is to determine the organization's risk rating and to identify vulnerabilities related to its facilities, employees and technologies.

During red teaming, various attacks are executed side by side, such as social engineering, physical penetration testing, application penetration testing, network penetration testing, etc. The goal of the attacks is to identify real threats that may be exploited during a malicious attack, for instance those vulnerabilities that could provide virtual or physical access to sensitive information - producing data leakage and causing the whole system/network to be compromised.

In fact our highly trained security professionals simulate attacks in order to:

  1. Identify the physical, hardware, software and human vulnerabilities
  2. Ensure a better understanding of the corporation's risk level
  3. Help patch the recognized security weaknesses


Red teaming is recommended for larger corporations, where the networks are so large that basic penetration testing is not enough and a more complex approach is needed.




War game simulations have been widely used by military and intelligence forces for decades; their most important goal is to prepare troops for the events that would occur in a war. This approach has been successfully adapted by the business sector.

In most cases, organizations are not properly prepared for an unexpected cyber incident; moreover, even a well-documented incident response plan is often not enough.

First of all, our team performs a deep analysis of the company's infrastructure, hierarchy, existing playbooks and potential security weaknesses. Based on the information gained from the analysis, we specify principles, concepts and goals.

In the next phase, the war game begins with the teams, based on the previously composed script and coordinated by a mediator. Finally, a report is created which includes a detailed performance evaluation and suggestions for the future.



The war game service is recommended for larger organizations. A simulation tailored to the company and its infrastructure can help to create a more useful script for responding to newly appearing cyber incidents, by training the employees like soldiers.






The behavior of the personnel can have a huge impact on the safety of information in an organization. Usually the human factor is the weakest link in the chain of security. In many cases, even though the company uses the latest technological and physical security solutions, it becomes indispensable to educate employees, vendors and subcontractors in order to increase information security awareness.

Because hackers are aware of the above-mentioned facts, their first targets are always the human beings. Cyber criminals use sophisticated social engineering tools to persuade and manipulate their targets so they can acquire sensitive information.

Our social engineering service puts the human factor first, as it plays a significant role in building security in an organization. Using various investigation and analysis techniques based on automated and manual testing, our security professionals plan realistic social engineering campaigns to test the personnel and processes. We use methods such as phishing, vishing (voice phishing), open source information gathering, etc.


We recommend social engineering campaigns to every company, because it becomes more and more important to educate employees in order to secure valuable information of the organization.




Our defensive services cover a wide range of incident response techniques and methods, which are conducted from a defender's perspective. Cyber security defensive services include methods such as blue teaming, cyber range, hardening, detection capability development, code reviewing, etc.

The goal of these solutions is to identify the risk level of the organization's infrastructure and create an effective incident response plan within the company itself. Based on the previously conducted assessments, we can create a successful defensive playbook in order to develop incident response capabilities and harden all of the assets of the organization.

Today, defensive techniques are as important as offensive methods, because they not only allow the company to respond to incidents faster and more effectively during a real attack, but also help to prevent future attacks.






There are many similarities between IT infrastructure and the human organism: both are based on correct communication between connected units, and both are sensitive to external impacts. Through these external impacts and attacks, the organism can get sick and the computer fleet could become a botnet. The solution for the former is to reinforce its immune system, while preventing the latter requires a strong blue team.

In today's complex world of IT security, having a group of elite professionals who help the operation of the company's various IT security subteams (e.g. network, OS, hardware) and provide them with the latest information and frameworks becomes essential in every larger corporation.

Blue teaming is basically the development of an IT immune system. The blue team is capable of quickly averting various attacks thanks to the knowledge and experience the team has gained. With the help of the team, it is also possible to patch various common security vulnerabilities by creating appropriate company IT security policies, in order to build an efficient security system.

With the efficient collaboration of our company's blue and red team departments, it is possible to identify the current security vulnerabilities of networks, webpages or mobile devices. That way, it is possible to draw a guard-net around the most important data and company infrastructure.

The Blue Team’s role also includes:

  • Testing and developing efficient internal communication
  • Incident response
  • Digital investigation (DFIR)
  • IT security training
  • Designing SIEM IT security response systems
  • Examination of compliance regarding IT security standards (GDPR, PCI DSS, ISO27K)


Blue teaming is recommended for larger corporations, where a more complex approach is needed to create an effective defense plan.




During our cyber range service, incident response teams can improve and test their incident handling capabilities in different environments. These environments are miniaturized versions of complete real-life infrastructures, complemented with specific tools such as programmable logic controllers. This training tests not only the participants' technical preparedness but also the order, speed and processes of their escalation procedure.

The goal of the simulation is to test and improve the organisation’s incident response and detection capabilities, the use cases, playbooks, and configurations.

Its advantage is that the simulated environment is very similar to, or even the same as, the client's original organizational infrastructure; this way it is also possible to practice incident handling plans against destructive attacks.

During the simulation the client's event handler groups (CERT, CSIRT, blue team, SOC, etc.) are constantly under attack on multiple front lines by our company’s dedicated hacker team (red team). The dedicated white team does the evaluation and regulates the processes. Based on our company’s values and experience, the most important part of incident handling is the person, then the processes and lastly the technology.

On our client’s demand we can:

  • add custom industrial controller tools to the environment
  • plan SIEM systems (testing ruleset and configuration)
  • test other devices and configurations



Primarily for organizations who are planning to have or already have a local SOC (Security Operations Center), an IT-security team, CERT, CSIRT, or other infosec unit.




Hardening means the improvement of the IT infrastructure's “immune system”. The goal of these processes is to create a clear policy that ensures different operating systems and applications use only the privileges, services, and resources that are strictly necessary for their operation. With hardening, the systems' exposure to cyberattacks and vulnerabilities can be substantially reduced.

The methodology of our service:

  1. Active reconnaissance and vulnerability scan
  2. Creating a dependency matrix of the dependent systems in order to get a holistic picture of how disabling or modifying services on different levels can affect the system
  3. Designing a hardening plan based on the numerous benchmark systems available
  4. Creating backups (of the applications, the configurations and the operating system)
  5. Performing changes step-by-step and recording these in a change tracker system
  6. Testing the availability and integrity of the services
  7. Executing remediation check
  8. Creating reports

It is extremely important to manage the constant change of the system and to test it, in order to maintain productivity and prevent the system from becoming a victim of an attack.


Primarily for those organisations and companies who want to enhance their preventive capabilities based on their IT-security strategy. The solution is able to substantially reduce the spread of ransomware, intentional or unintentional data leakage, as well as a wide range of attack vectors. The solution can also be a worthwhile goal for a smaller business.





The incident handler teams (CSIRT, CERT) focus on evolving their processes and on developing and optimizing the quality and quantity of the information handed to their organization. The IR (incident responder) team must become aware of alerts and incidents as soon as possible and distinguish between true and false positives as fast as possible. To do this, they need the proper tools, hardware, software and know-how.

According to IT security surveys, the most effective solutions are still IDS/IPS and perimeter defences and/or combined firewalls (UTM) that are integrated into the company's infrastructure. In fact, it is not enough to dedicate personnel to a mainly signature-based IDS/IPS on an 8/5 or 24/7 basis; rather, the security devices should be grouped into one centralised and transparent system.

Detection capabilities are largely determined by the tools used and the professionals' experience (“skill-set”). Our company's SOC/CSIRT Development portfolio provides clients with a wide range of devices, with deployment and training if needed.



Detection capability development is essential for every company that would like to harden its information security defense system.




By code reviewing we mean the detailed investigation of the source code. Besides using automatic tools during the inspection, we also use manual techniques based on professional programmer knowledge and experience.

The main goals of source code reviewing are to find the flaws made by the programmers, identify vulnerabilities and numerous other critical points and security problems.

The vulnerabilities could be the following:

  1. Possible exploitation of formatting set
  2. Memory corruptions
  3. Buffer overflow
  4. Flaws in the authentication mechanism



Source code reviewing is recommended for smaller and larger organizations alike, because it is crucial to building and operating a truly secure system.






Explore our other services related to information security. 






As IT systems steadily develop and advance, more and more security problems and questions arise to which traditional defense methods and tools (e.g. antivirus, firewall) are not sufficient answers. To fend off targeted, sophisticated cyber attacks and possible internal misuse of data, and to ensure the active protection of the organization, we need complex systems, processes and a dedicated team.


The task of the CSIRT (Computer Security Incident Response Team, or by its certified name CERT, Computer Emergency Response Team) is to detect, avert and investigate emerging cyber attacks and to reduce the adverse impacts caused by them. In the optimal case, the team serves its duty in a SOC where the technical requirements are met.


  1. Surveying: During conversations with the existing incident handler teams, we determine the modules needed to support more efficient incident handling. If there is no incident handler team, we consult with the management and the operations team and create a matrix of the needed abilities. This matrix serves as a useful guide during later development and verification.
  2. Training: Based on the surveys, we hold thematic training that is partly theoretical but mostly technical. The modules of our training include:
    • Incident handling rudiments
    • Detection capabilities
    • Log and SIEM analysis
    • Cyber Threat Intel
    • Basic forensics
    • Network packet analysis
    • Netflow analysis
    • Dynamic malware analysis
    • APT Kill Chain Hunting
  3. Report: The acquired knowledge can be tested during a War Game or Cyber Range scenario benchmarked by our scoring system.


Based on the organization's structure and risk tolerance, our company recommends suitable tactical and operational actions and strategies, and we support the development of an IRP (Incident Response Plan). For the leaders of the company, we provide practices and training based on TTX (Table Top Exercise) and Capstone Exercise.



Principally for those organizations or bigger corporations that have their own incident handler teams or are planning on establishing one for themselves. Our company is fully at your service regarding the planning of the CSIRT, the training, and the practicing phase.

Black Cell Ltd. has helped with the implementation and support of various CSIRTs (including those of governments, multinational corporations and intercontinental organizations) and has gained extensive experience through the SOC we run. We provide SOC service in Hungary and in other member countries of the European Union.







CTI is a concept built on open-source intelligence (OSINT) and social media intelligence, as well as on the deep and dark web. Its most important task is to track trends and technical developments in four main segments:

  • Cybercrime
  • Hacktivism
  • Cyber espionage
  • Search for APTs


Using this research and its findings, businesses and states alike have the opportunity to set up their defenses before attacks occur.

In creating its CTI service, the Black Cell team integrated not only the basic functions but other improvements too, such as:

  • We aim to stay ahead of attackers with automated reverse engineering tools, data flow monitoring, real-time feed-forwarding and by having our own honeypot farm
  • Thanks to active monitoring of the dark web and searching for specific keywords, we can be informed instantaneously of a new campaign, be that a new ransomware or a new vulnerability
  • Our cooperation with many other similar corporations has opened up a wide array of opportunities. This way, the collection of compromised e-mail addresses and servers is done by many teams, so we can instantaneously report not only our own collection but also the cooperating corporations' to the given enterprise.


Cyber threat intelligence (CTI) is an advanced process that enables the organization to gather valuable insights based on the analysis of contextual and situational risks and can be tailored to the organization’s specific threat landscape. This intelligence can make a significant difference to the organization’s ability to anticipate breaches before they occur, and its ability to respond quickly, decisively and effectively to confirmed breaches — proactively maneuvering defense mechanisms into place, prior to and during the attack.






Sometimes cyber and insider attacks are unavoidable and can have disastrous results. When one happens, Black Cell is here to lend a helping hand to your organization. Our seasoned forensics experts are highly skilled in the art of cyber investigation and intelligence and can help both with uncovering the people behind an attack and with the creation of forensically sound evidence.


When to contact us?

  • in case of suspicious data leaks
  • when the email communication with your business partners feels fishy
  • in case of buying/selling organizations, for a health check
  • in case a privileged employee’s contract is terminated


What are the parts of a forensic examination?

  • examining the meta-data of documents, emails, and pictures
  • checking the internet-related logs and cookies
  • cloning and examining the file systems of the computers
  • checking the network logs
  • examinations of the memory (RAM) of the computers
  • extracting information from deleted files in regard to suspicious activities (if possible)


Why ask us as forensics experts?

  • if a breach is uncovered in time, then there’s more chance to catch the actors behind it
  • if a breach has been caught in its early stage, there’s less possibility for the press to make an interesting topic about it, therefore we can protect the organization from the possible financial and reputational loss regarding the breach (usually the collateral losses are bigger than the originals)
  • after a breach, we can uncover its attack vector and can identify the systems modified and data stolen (re-establish the CIA triad)


Some useful tips regarding breaches

  • when something suspicious is happening on the network, the strangely behaving computers need to be placed into an isolated network segment
  • the computers involved in a breach should be left alone: if they’re on, they have to stay on and vice versa
  • to protect against breaches, it's wise to set up a security information and event management (SIEM) system and a manageable, next-generation firewall (like Sophos UTM or some Fortinet devices), and not to forget proper information security training for the employees
  • it's also wise to set the log retention time for the organization's devices to at least one year






In today's corporate environment, the creation and maintenance of cybersecurity is one of the greatest challenges for IT security professionals.

With our IT security audit service, we map the security gaps and vulnerabilities found in the IT environment's hardware, software and user landscape, then we suggest a solution to close these holes, and after that we run our IT security audit once again to be assured that the company has complete security, since the damage or unauthorized use of confidential data could mean great financial and moral harm to the company.



We recommend our IT security audit service to enterprises that work in critical sectors such as public services, banking and energy, which are more likely to be subject to cybercrime. At the same time, from a preventive point of view, every audit yields useful information for every corporation.






The main requirement for success in the world of business IT is that your systems are secured against today's ever-growing threats. IT professionals face new and more numerous tasks daily, as threats become more sophisticated and mobility grows. To handle these tasks successfully, in many cases the only solution is to have the correct appliances and deep knowledge of IT security. Acquiring this special knowledge takes not only time but also adequate training, which costs a lot of money. Investing in security appliances and programs is a great expense too. With Black Cell's MSS solution, your security tasks are handled by professional devices and specialists for a predictable monthly subscription.


When determining the IT budget, it is hard to predict what kinds of threats or trends you will need protection against a year or more after a bigger security project; thus, it is harder to make cost-efficient decisions while also keeping the growth of the company in mind. The MSS solutions are flexible, scale well and are paid for by monthly subscription, so they offer a great way to maintain your IT security efficiently.


Limited human or financial resources?

You need a solution whose maintenance cost is low and which does not require your IT team's attention, so they can focus on the business priorities. Our firm's solutions are sold in bundles, are flexibly expandable, are managed professionally and represent the highest security levels possible to provide seamless operation for our customers.


Emerging special compliance and security needs?

Presumably, you already have a dedicated IT security team, but there may be a need to expand on key areas – the use of the best data protection strategies and the protection against threats.


Managed security services include:

1. Network security

  • Managed firewalls, security appliances
    • Next-Generation Firewalls (NGFWs)
    • UTM devices
    • Web Application Firewalls (WAFs)
    • Web Gateways
    • E-mail Gateways
  • Management of wireless networks
  • Process-like vulnerability assessments
  • SIEM, security event and log handling

2. Application security

  • Managed application penetration testing
  • Testing
  • Managed Web Application Firewall (WAF)

3. Endpoint security

  • Managed workstation protection
  • Managed mobile device protection
  • Managed data protection



Whether it is a small company that has problems with purchasing and maintaining a firewall or a big company with a SIEM system that needs specialists to run it, everyone can find the solution of ours that fits them best.


We deal with 2 million logged security and conformance events every day and protect over 1000 managed workstations with 24/7 technical support, online and by phone alike. Black Cell Ltd. has many years of IT security experience, outstanding IT security community experience and memberships, such as OTX or Metasploit, and 24/7/365 support throughout the whole country, providing instantaneous response to incidents with reliability and cost-efficiency.







In most cases, the data protection of the modern IT infrastructure is governed by the applicable national laws, the standards the company judges important and other regulators operating inside and outside the company, which inevitably focuses only on solving the organization's problems.


The goal of our corporation's approach, which is proven to be more efficient and targeted than others, is to reveal the real vulnerabilities of the corporation's critical data. With our method, the client gets a comprehensive picture of who copied, saved or sent critical data, and when, where and in what manner, including all of the devices, network communications and peripherals used in the process.

At the end of the data protection audit, we offer a solution to prevent or mitigate the harm caused by data leakage; then, after the implementation of those recommendations, we rerun our audit to prove the solution's effectiveness.



We strongly recommend our data protection audit service to all SMEs, as the latest European Union data protection regulation, the GDPR (General Data Protection Regulation), comes into force in 2018 and will be mandatory for all corporations operating, holding and using personal information in the EU.






On the 25th of May, 2018 the GDPR (General Data Protection Regulation) comes into force. This date is the deadline for businesses and institutions handling and storing personal information to prepare to meet the requirements stated in the law.

The preparation should mainly focus on reviewing, retracing and, if necessary, restructuring the processes regarding data handling, and last, but not least, it should touch on IT security too: authorization management, intrusion defence, developing and implementing alert and incident handling policies, encryption, DLP (Data Loss Prevention), MDM (Mobile Device Management), etc.



Our SOC (Security Operations Center) configuration consultation service bundles recommendations regarding the system's efficient operation and the introduction of key solutions such as incident handling scenarios, the creation of intrusion prevention plans, the implementation of the early warning system, etc.



It is important that the data kept and handled in the business environment does not get into unauthorized persons' hands, not only because of the forthcoming GDPR, but also because DLP (Data Loss Prevention) can be a solution against data leakage and data loss due to human error, if the company is prepared for the introduction of such a system. What do we mean by preparation?

The company must be able to determine where and how it stores its sensitive data and to determine who has access to it and how. It must create an IT security policy or, if it already has one, update it, and the DLP system can then be introduced based on its guidelines.



Nowadays employees use their own mobile devices more often during their work. How many e-mails containing sensitive data are being read and forwarded by an average employee daily via his/her smartphone? Does the employee let his/her children use that smartphone? If the employee loses his/her mobile device, how can you be sure that the company's data will not get into unauthorized people's hands?

Our MDM solution answers all the questions and problems mentioned above. During its implementation, we help create a set of rules that the employees are satisfied with and that lets the company's executives know the company's information assets are safe.



Learn how and where your IT structure can be attacked. Our experienced and qualified staff maps the vulnerable components of your applications, network, and web interface, helps to fix the shortcomings and helps with the creation of a remediation plan. Through our Social Engineering service, you can test your employees' IT security awareness and find the possible weak points of the work process.









IT security training not only reinforces the security awareness of companies and their employees, but also gives system administrators and other IT workers knowledge that they can actively use while performing their daily IT security tasks, making the company safer as well as making their own work more efficient.

Besides building foundation-level security awareness, we hold advanced-level training for companies that are more experienced in the area (e.g. IT security compliance, SOC and incident handling).



  • Administrator and user training for the products distributed by Black Cell (Sophos, Core Security, DeviceLock, Acunetix, Nessus, Rapid7, Metasploit, and Nexpose). We recommend this for those clients who had the aforementioned products installed recently and whose system administrators and end users are only getting to know the product.
  • Black Cell security awareness program: the awareness program is an open, informative activity, in which our specialists summarize the security questions relevant to the given group of people and leave room for feedback, which they will happily answer. We share knowledge based on factual, technical experience, with which our firm wants to help increase the security potential of staff working in certain institutions, especially to help them carry out their tasks and role more responsibly. Security awareness is a must for all organizations handling sensitive data to avoid advanced phishing (e.g. social engineering) attacks.
  • The reinforcement of the internal defense of the operating system (hardening)
  • Network security
  • Governmental compliance training: ITIL, COBIT, ISO2700x, PCI DSS
  • Designing, prioritizing and scheduling information security training inside the organization
  • SOC (Security Operations Center) and incident handling.







Throughout the years, we have gained considerable experience showing that as a firm or organization grows bigger, acquisition becomes more irrational and less transparent. Our acquisition support service offers a solution for this problem, since it allows our clients to complete their acquisitions as fast as possible while keeping the costs as small as possible and the process as efficient as possible.

We have outstanding experience in big enterprise tenders, therefore we can take on the handling of tenders, from announcing the tenders, through the signing of the shipping contract, to the shipment of the product or service.



Our acquisition support service is a great help for all those firms that lack sufficient in-house staff for a specific acquisition (e.g. IT, IT security or establishment and HR security) and where it is clear that, with outsourcing, the processes could be handled more efficiently at a lower price.