Christophe Kiciak

Partner | Lead Offensive Security

Despite the ever-increasing precautions taken by companies around the world (application of standards, regulatory compliance, use of specialized protective equipment, staff training, technological advances, etc.), there have never been so many security incidents involving the exfiltration of confidential data, not to mention the spectacular nature of some famous cases.
Some people are marketing fear, while others believe that all is lost in advance. But while no safe can be guaranteed to be unbreakable, there are definitely big differences between a shoebox under a bed and Fort Knox. A company must therefore be able to assess its real situation in order to take appropriate action to protect its assets. But how can it obtain a reliable diagnosis?

What we do

Our approach to this issue can be summarized in one word: pragmatism. To verify the ability of a car to protect its occupants, we reproduce a crash by throwing it against a wall. Likewise, to concretely measure the security of an IT perimeter, we believe it is necessary to use the same methods as real hackers. For example, an automatic scan will not reproduce the techniques of a skilled hacker, and will give you little information about your real security level. So we suggest you get to the bottom of things, so that security no longer rhymes with cecity.

Our methodology

Penetration testing

Penetration tests aim to reproduce as accurately as possible the attacks of real hackers, whether they are beginners or experienced, from the Internet or from your internal network. The tested perimeters can range from a simple institutional or transactional website (including all OWASP controls), to large heterogeneous perimeters (external or internal), specific business applications (reverse engineering of applications, cryptographic attacks), mobile solutions (iOS or Android), the security of your directory (Active Directory attacks) or any other link in your information system. Our tests are mostly performed manually, by the most experienced consultants, in order to guarantee the best level of completeness of the results.

Source code security audit

A large majority of the most serious attacks are application related. Indeed, the security of systems and networks is increasingly well mastered, and hackers tend to abandon this type of approach, which is less effective for them. Penetration tests are a great tool, but not all problems can be detected by this method. Thus, to go even further, we can analyze the security of the source code of your applications (.NET, Java, C/C++, Python scripts, Perl, shell, etc.). This highly technical approach not only detects development flaws precisely, but also allows you to give strategic guidance to your developers or partners, in order to limit the occurrence of other problems in the future. To ensure the best possible service, we never just use automatic code scanners: again, a thorough manual analysis is performed by our specialists.

Security architecture analysis

If real security incidents do so much damage, it is often due to an architecture (network and/or application) that has not been designed to ensure a good level of security, whether it is local, based on cloud bricks, or hybrid. Identifying these design problems is the best way to considerably reduce the impact of potential incidents.

Configuration security analysis

Penetration tests are performed starting from a specific point in the architecture (usually from the “user” area). This principle, although representative of real attacks, cannot detect all types of pitfalls. For example, if your logs include passwords, it goes without saying that this constitutes a significant risk that would not be reported. It is therefore also possible to analyze the security of each critical component of an architecture (firewall, application server, database, etc.) in order to be one step ahead of hackers.


Finally, because these measurement techniques are useless if they are not followed by corrective actions, all our interventions are coupled with a didactic formalism. If technical jargon has its interest in the spheres of insiders, convincing the business of the importance of the flaws detected will be crucial to significantly increase the level of effective security. Thus, we make it a point of honor to make our conclusions clear, visual and understandable by all. Executive summary, anonymized summary for your customers, French or English, explanatory videos, explanation sessions or even training for your teams: all our expertise is at your disposal, in the format that suits you best.

The team

Our team is composed of about 20 consultants 100% dedicated to these missions.
The consultants are all passionate, experts in the field and certified (PASSI, OSCP, CISSP, SANS, Azure and AWS cloud certifications, etc.). The turnover within the team is very low, which allows a strong retention of expertise, and the guarantee for you of a personalized follow-up. The team is involved in R&D activities in hacking, in order to stay on the cutting edge (see:
We do not subcontract anything, to guarantee you total control over our services.

What makes the difference

Choosing the Offensive Security Almond team is the guarantee of in-depth and realistic diagnostics, carried out by the best hackers, multi-certified and accustomed to working in the most complex contexts, on behalf of many companies of all types, for 20 years.
It is also the guarantee of understanding the results, being able to communicate them internally, and knowing what to do to improve, with precise and pragmatic action plans.
Our team is not subject to any commercial partnership. Our tests are done in your sole interest, in complete objectivity and with the highest ethics.
