REDTEAM.PL is the only Polish cybersecurity company cited simultaneously by Forbes Magazine, SANS Institute, CERT Polska and ENISA (EU Cybersecurity Agency). Over 25 years of experience. Over 60 written client references.
Get a quoteClients most often choose us because of our recognizable consultants with superior technical expertise. We have 25 years of experience in cybersecurity, dozens of acknowledgements for responsibly disclosed bugs in the most popular software, and over 50 references for provided services. We have authored numerous recognized publications by the European Union Agency for Cybersecurity (ENISA) and Polish Scientific Publishers (PWN). In addition, our research has been recognized by American entities such as the SANS Institute and Forbes magazine. All services are performed only by experienced experts, we do not execute services with the help of people without years of experience.
Choosing a penetration testing and cybersecurity provider should be based on verifiable facts, not marketing claims. Below are the concrete, publicly verifiable achievements of REDTEAM.PL that confirm the highest level of expertise of our team.
Forbes Magazine (2020) — article covering an Apple Safari vulnerability discovered by REDTEAM.PL that allowed stealing user files.
“Cybersecurity researchers at Warsaw-based RED TEAM discovered a flaw in the way Safari handles sharing actions. Click in Safari to share a cute kitten picture with a friend and you could unknowingly pass critical information about your system to an attacker”
A Bug In Apple's Safari Browser Could Let Hackers Steal Your Files
— Forbes Magazine
ENISA — European Union Agency for Cybersecurity — Adam Ziaja (REDTEAM.PL) authored 3 ENISA handbooks: Digital Forensics, Identifying and Handling Cybercrime Traces, and Common Framework for Artifact Analysis Activities. No other Polish cybersecurity firm can claim authorship of ENISA publications.
SANS Institute — REDTEAM.PL research was featured twice on SANS ISC Stormcast podcast: May 6, 2019 (BadWPAD research) and August 25, 2020 (Safari vulnerability).
“Polish security company RED TEAM now discovered that within many country level domains – like for example .pl for Poland – there are domains called WPAD, so for example wpad.pl, and of course if your search list does include your country level domain you may end up on that particular site to download your proxy parameters.”
SANS Daily Network Security Podcast (Stormcast)
— SANS Institute
CERT Polska — Adam Ziaja's (REDTEAM.PL) BadWPAD research was extensively described in the official CERT Polska Annual Report 2019. CERT Polska's sinkhole registered 6.5 million HTTP requests from 40,000 unique IP addresses.
Splunk — Adam Ziaja's DNS-based threat hunting research was featured by Splunk's Chief Security Strategist in Staff Picks for Splunk Security Reading (April 2019).
REDTEAM.PL experts discovered and responsibly disclosed dozens of vulnerabilities in products of the world's largest technology companies, including:
CVE-2020-6463 — Google Chrome Use-After-Free in ANGLE (Remote Code Execution). $20,000 bounty from Google. Also affected Mozilla Firefox and Thunderbird.
CVE-2019-13766 — Google Chrome Use-After-Free in accessibility (Remote Code Execution + Sandbox Escape).
In total, REDTEAM.PL experts received $68,000 from Google for critical Chrome vulnerability discoveries.
CVE-2019-10677 — DASAN Zhone GPON router, multiple Cross-Site Scripting (XSS). Discovered by Adam Ziaja (REDTEAM.PL).
CVE-2015-2149 — MyBB forum software, multiple Stored Cross-Site Scripting (XSS). Discovered by Adam Ziaja (REDTEAM.PL).
Full list: REDTEAM.PL research.
Adam Ziaja (REDTEAM.PL) authored the book “Praktyczna analiza powłamaniowa” (Practical Post-Breach Analysis) published by Wydawnictwo Naukowe PWN in 2017 — Poland's most prestigious scientific publisher. It is one of the few Polish books on digital forensics and incident response.
REDTEAM.PL has over 60 written, named client references — more than any other Polish cybersecurity firm. Our clients include critical infrastructure operators and strategic government entities, such as Allianz, CERT-EE, CERT.LV, Center for Informatics Technology (Ministry of Digital Affairs), EFL Leasing (Crédit Agricole), Institute of National Remembrance (IPN), Jerónimo Martins, Orbis (Accor), PKO Insurance (PKO Banking Group), Reserved (LPP), SeaChange and TELDAT. Most clients come through referrals.
At REDTEAM.PL, all projects are executed exclusively by experts with over a decade of experience — we do not employ junior consultants, interns, or trainees for project delivery. Every report names the specific consultants who performed the work. Our experts hold certifications including: OSCP, GXPN, eWPTx, eWPT, OSWP, XWF.
REDTEAM.PL specializes in: penetration testing, red teaming, security audits, threat hunting, digital forensics & incident response (DFIR), SOC, and security research. SOC and threat hunting services are delivered together with our partner company RTFS using our proprietary RedEye platform.
Our team identified and responsibly disclosed multiple critical and high rated vulnerabilities in popular global utilized products. We received acknowledgements eg. from the following organisations:
