About RandoriSec

RandoriSec relies exclusively on experts who have been accompanying their clients for risk management. Our experts are in constant evolution, they carry out a permanent watch and follow certifications and specialized trainings to accompany you as well as possible in your IT transformation projects.

Our sales brochure summarizes our services:

Download

0

Publications

0

Clients

0

Team

0

Pentests

Our Services

Web pentests

We test the security of websites and web applications until the security level you deserve is achieved.

Internal pentests

Using scenarios defined with you we come to your company to assess the security of your systems, networks and procedures.

Mobile pentest

Using latest attack techniques we try to hack mobile assets (applications, devices, MDM) to ensure that no critical weakness exist.

Trainings

Off-the-shelf and customized trainings by senior pentesters.

Security architecture and integration

We can assist you in your projects to design and build your security blocks.

Source code security review

Accessing the source code of your application we can uncover many otherwise invisible vulnerabilites.

Our Trainings

Pentest 101

With the increase on the cyber risk pentests are common now and most companies run them. This very specialized activity requires a good knowledge of the methodology and the tools and techniques of attacks.

Goal of this training is to share techniques having been acquired on the ground, during hundreds of intrusion tests

At the end of this training you will be able to carry out simple intrusion tests yourself on infrastructures as well as on applications and websites.

Download our brochure

Mobile Application Hacking (Android & iOS)

Our trainers will share many techniques, tips and tricks to deliver to pentesters, developers, bug bounty researchers or just curious a 100% “hands-on” workshop.

Goal is to introduce tools (Frida, Androguard, Cycript, Drozer, Needle, MobSF, Hopper, etc...) and techniques to help you to work faster and in a more efficient way in the mobile ecosystem.

This is the exact training that you would have liked to have before wasting your precious time trying and failing while testing.

Download our brochure

Advanced Penetration Testing in Real World

Our trainers will share many techniques, tips and tricks to deliver to pentesters, red teamers bug bounty researchers or even defenders during a 2 days 100% “hands-on” workshop.

Mains topics are:

_ buffer overflow 101: find and exploit buffer overflows yourself and bypass OS protections (because a lot of pentesters don’t even know how it works under the hood);

_ web exploitation: manually find and exploit web app vulnerabilities using Burpsuite (yes, running WebInspect, AppScan, Acunetix or Netsparker is fine but you can do a lot more by hand);

_ network exploitation: manually exploit network related vulnerabilities using Scapy, ethercap and Responder (because it works so often when doing internal pentests);

_ passwords: optimize the way you attack offline and online passwords (0day is fun but the way guys come in most of the time is simply by using login/passwords);

_ mobile app hacking: find and exploit Android/iOS app vulnerabilities using Needle, Frida, Cycript, Drozer, etc... (companies move their apps in the cloud and in the mobile world so pentesters have to evolve with that… or die);

Download our brochure

RandoriSec réalise des tests d’intrusion pour nous depuis des années; ils sont devenus un partenaire de confiance pour améliorer la sécurité de notre système d’information. Ils ont toujours fait preuve d’un grand professionnalisme : respect des délais, haute technicité, discrétion et clarté des restitutions. Au-delà de ces qualités incontournables pour ce type de prestations sensibles, une des forces de RandoriSec est d’associer à la recherche de vulnérabilités techniques une très bonne compréhension des aspects fonctionnels et business des applications et infrastructures ciblées. Ajoutons aussi qu’au cours des missions menées chez nous ils ont découvert plusieurs vulnérabilités 0day sur des produits renommés, ce qui confirme leur excellence technique.

Responsable de l’équipe en charge des mesures de sécurité préventives( Institution financière )

La prestation s'est déroulé dans les délais impartis. Nous n'avons eu aucun faux positifs. Le rapport était simple, clair et immédiatement utilisable pour les équipes afin de corriger les problèmes et facilement vérifier la correction. Lors de la présentation des résultats, les équipes ont apprécié l'aspect didactique et très synthètique.

Guillaume Postaire - Directeur technique adjoint de la direction numérique ( France Télévisions )

Nous avons fait appel à la société RandoriSec pour réaliser des tests d'intrusion. Que ce soit en amont , pendant ou après la réalisation de ces tests , nous avons eu à faire à des personnes d'un grand professionnalisme. La communication positive et les recommandations qu'ils nous ont donné nous ont permis d'améliorer notre sécurité. De plus, il n'y a pas de dérapage budgétaire.

Patrick Noailhac. DOSI Directeur conformité IT. Groupe Andros( Bla )

Latest Blog

View All
Jan 21, 2019
[Training/Conference] HIP – Mobile Hacking Training (17/18 June)
Dec 22, 2018
Client side validation strikes again: PIN code bypass !
Dec 18, 2018
[s03e01] RCE on Geutebruck IP Cameras

Get Connect With Us

Twitter
Facebook
Google plus
Linkedin
Address

4, Rue de Marivaux, 75002 Paris, France.

Call Us

+33 06 77 67 57 27

Email

davy _at_ randorisec.fr