We are a team of recognised cybersecurity experts with over 20 years experience. We gain dosen of official references from satisfied clients as well as acknowledgements for vulnerability reports in most common applications in a responsible manner. We are highly recommended and this is how we gain most new clients – find out why.
Our team identified and responsibly disclosed multiple critical and high rated vulnerabilities in popular global utilized products. We received acknowledgements eg. from the following organisations:
Why choose us?
When choosing a cybersecurity service provider, wide competencies of consultants should be the priority – this is the crucial element with direct impact to service performance.
What makes a mid-level specialist a branch expert? Is that a matter of a title? Practice and achievements on the field are making an expert also come together with wide appreciation in the market. This is the crucial feature which stands us out and clients choose us from other cybersecurity specialists. As one of a few companies we can boast substantive and verified information concerning our consultant competencies and experience. Entire team is composed of experts – we do not implement projects engaging inexperienced staff (e.g. students, interns etc). You can be sure that all tasks are performed by people whose profile you can find in our offer. We have been engaged in cybersecurity since late 90’ consequently we have more than 20 years of practice.
“Cybersecurity researchers at Warsaw-based RED TEAMdiscovered a flaw in the way Safari handles sharing actions. Click in Safari to share a cute kitten picture with a friend and you could unknowingly pass critical information about your system to an attacker”
A Bug In Apple’s Safari Browser Could Let Hackers Steal Your Files — Forbes Magazine
Z pomocą @redteampl przejęliśmy domeny w strefie .pl mogące zostać wykorzystane w podatności #BadWPAD. W najnowszym artykule opisujemy szczegóły techniczne podatności i zalecenia dla administratorów oraz użytkowników. https://t.co/mS9jXECNfc
“In 2019, Adam Ziaja published a series of articles on the use of BadWPAD in the .pl domain. [...] analysed the content of the wpad.dat file in successive years on the basis of the indexed content available at archive.org. It was found that due to the rules contained in the PAC file, requests to popular affiliate programs were resolved through the pointed proxy. [...] From 15 May to 22 May 2019, the CERT Polska sinkhole registered 6.5 million HTTP requests from approximately 40,000 unique IP addresses.”
Our team members were among the forerunners of now popular bug bounties designed for researchers to submit identified vulnerabilities. Last decade we have received dozens of acknowledgements for responsibly disclosed gaps in security from globally known organisations as Adobe, Apple, BlackBerry, Deutsche Telekom, eBay, Google, Harvard University, Microsoft, Netflix, Nokia, VMware, Yahoo or Yandex. We also received them as official references from Polish companies as Onet, Interia, Wirtualna Polska, Empik and Home.pl.
At the turn of 2019/2020 we performed vulnerability research on the most popular web browser - Google Chrome and disclosed critical vulnerabilities (later named as CVE-2019-13766 and CVE-2020-6463) and gained award from Google enterprise with cumulative value $68,000.
For the research on badWPAD attack we were not only honoured by CERT Poland (Polish computer emergency response team), CERT Orange and american institute SANS, but received acknowledgments from national european CERTs – estonian CERT-EE and latvian CERT.LV too. REDTEAM.PL CERT became internationally recognised in effect.
“Polish security company RED TEAM now discovered that within many country level domains – like for example .pl for Poland – there are domains called WPAD, so for example wpad.pl, and of course if your search list does include your country level domain you may end up on that particular site to download your proxy parameters.”
Transkrypcja nagrania (4:35, 5:13) SANS Daily Network Security Podcast (Stormcast) — SANS Institute
For years we managed many technical issues of broadly understood cybersecurity - both offensive and defensive - which is why we have a comprehensive approach. As early as in 2014 Adam Ziaja - Chairman of the Board was a member of a team of three that won Cyber Europe international workshops arranged by ENISA for CERTs. The SOC service (Security Operation Center) we offer is an effect of our 10 years professional experience in CERT and SOC. As a result we develop a new threat hunting, 24/7 high quality security monitoring tool – RedEye. In particular APT (Advanced Persistent Threat) offences can be disclosed using this tool. Moreover providing digital forensic and incident response we use certified hardware and software thus entrusted devices and evidence are treated appropriately. Furthermore for entitled parties formal forensic expertise can be delivered.
Over the last decade, we have repeatedly been speakers at recognized scientific conferences, such as Technical Aspects of ICT Crime (TAPT) organized by the Police Academy in Szczytno (WSPol), or Security Case Study organized by Polish Cybersecurity Foundation. Moreover, already in 2014, at the SyScan360 international conference held in Beijing, we presented the results of our research on mobile browser security. We also participated in debates as experts at, among others, the PolCAAT conference organized by the Institute of Internal Auditors IIA Poland.
In the REDTEAM.PL team we all have more than 10 years experience and one of the widest competencies on the market. Thanks to a professional and compliant approach we gain more than 50 official references for our cybersecurity service. Highest quality is our best advertisement and the reason why we are not using resources for marketing or sales campaigns. From 2017 we operate based only on widespread good opinion about our competencies and recommendations from satisfied clients.
As one of the very few cybersecurity companies, brocage in hardware sell or licenses cross selling (e.g. antivirus software) is not a part of our business strategy. We stay focused on providing information security technical services and make our recommendations or advice independent from product selling commision. We are capital self-contained as well – RED TEAM Sp. z o.o. Sp.k. share capital comes 100% from Board Members (Adam Ziaja and Paweł Wyleciał). Years of professional work and raised competencies in numerous aspects of cybersecurity, both offensive and defensive, enable us to have a wider view to IT security. Last years american institute SANS relied on research conducted by both of our Board Members. Knowledge acquired in the last two decades in the field of IT and cybersecurity enable us to be a couple steps ahead of cybercriminals and APT groups.
Reaching REDTEAM.PL you will work directly with founders proactive in negotiation, execution and controlling stages of project activities. Be invited to cooperate with us!
Meet Our Team
The company founders have a rich professional experience, additionally confirmed with certificates recognised worldwide, publicly presented research, references and thanks from known companies such us Google, Microsoft, Apple (references available upon request).
CERT.EE would like to thank REDTEAM.PL for the valuable information, which has helped us to improve security of IT resources of the Republic of Estonia. — Estonian National and Governmental CSIRT
REDTEAM.PL carried out internal and external network penetration tests and personnel awareness tests (red teaming). The team showed great commitment as well as a proactive attitude and flexibility during testing. We recommend cooperation with REDTEAM.PL. — Orbis (Accor Group)
We recommend REDTEAM.PL, the config review and penetration testing services requested by us were provided with the highest quality. The audit team demonstrated great commitment, professionalism and extensive knowledge. — Institute of National Remembrance (IPN)
REDTEAM.PL has performed penetration tests of the integration module with the payment operator of the Reserved online store. The work was completed on time and with due diligence, and the service provided was high quality. — Reserved (LPP)
REDTEAM.PL performed penetration testing of a web application. The work was carried out in a timely manner, with due diligence and professional ethics. — PKO Życie TU (PKO Banking Group)
REDTEAM.PL performs tasks in the field of security testing. The assignments are carried out on time and of high quality. — Center for Informatics Technology (Ministry of Digital Affairs)
REDTEAM.PL has performed penetration tests of a mobile application. The entrusted work has been carried out on time and with due diligence, which resulted in a high quality evaluation of the services provided. — Carefleet (Crédit Agricole Group)
REDTEAM.PL performed penetration testing of a web application. Tests were carried out within the agreed timeframe and with due diligence. Results of the work provided in the report were understandable. — Allianz
REDTEAM.PL has performed logs and disk images analysis. Computer forensics service was performed on time and with due diligence. The delivered results in the form of a report were comprehensible.
REDTEAM.PL performed penetration testing of an online store. The work was completed on time, with due diligence and was of high quality. — GO Sport
REDTEAM.PL carried out penetration tests of software produced by TELDAT. The work was performed professionally, on time and with due diligence. The conclusions in the form of a report were precise and related to all areas of interest to the contracting party. — TELDAT
We recommend cooperation with REDTEAM.PL for professionalism and full commitment in the provision of services related to the security of websites. — EFL Leasing (Crédit Agricole Group)
CERT.LV would like to thank REDTEAM.PL for the valuable information, which has helped us to improve security of IT resources of the Republic of Latvia. — Latvian National and Governmental CSIRT