We are a team of recognised cybersecurity experts with over 20 years experience. We gain dosen of official references from satisfied clients as well as acknowledgements for vulnerability reports in most common applications in a responsible manner. We are highly recommended and this is how we gain most new clients – find out why.
Get a quoteOur team identified and responsibly disclosed multiple critical and high rated vulnerabilities in popular global utilized products. We received acknowledgements eg. from the following organisations:
When choosing a cybersecurity service provider, wide competencies of consultants should be the priority – this is the crucial element with direct impact to service performance.
“I chose RED TEAM because of their positive feedback from prior customers, their swift and accurate response to my enquiry, and their reasonably priced services. RED TEAM identified a vulnerability that had not been identified by TWO previous penetration testing firms.”
Security Architect, Software Development Company from New York City
— Clutch
What makes a mid-level specialist a branch expert? Is that a matter of a title? Practice and achievements on the field are making an expert also come together with wide appreciation in the market. This is the crucial feature which stands us out and clients choose us from other cybersecurity specialists. As one of a few companies we can boast substantive and verified information concerning our consultant competencies and experience. Entire team is composed of experts – we do not implement projects engaging inexperienced staff (e.g. students, interns etc). You can be sure that all tasks are performed by people whose profile you can find in our offer. We have been engaged in cybersecurity since late 90’ consequently we have more than 20 years of practice.
“Cybersecurity researchers at Warsaw-based RED TEAM discovered a flaw in the way Safari handles sharing actions. Click in Safari to share a cute kitten picture with a friend and you could unknowingly pass critical information about your system to an attacker”
A Bug In Apple’s Safari Browser Could Let Hackers Steal Your Files
— Forbes Magazine
Cybersecurity in a field that requires thinking outside the box, creative approach to security tests. A series of our studies are published on our techblog, they were also awarded e.g. by CERT Polska („Security of Polish Cyberspace, Annual report 2019 on the activity of CERT Polska”), american edition of Forbes („A Bug In Apple’s Safari Browser Could Let Hackers Steal Your Files”), or several times by american institute SANS („SANS Daily Network Security Podcast (Stormcast), May 6th 2019”, „SANS Daily Network Security Podcast (Stormcast), August 25th 2020”). Moreover, we are authors of recognisable scientific papers, „Practical computer forensics analysis” and ENISA – European Union Agency for Cybersecurity („Digital forensics”, „Identifying and handling cybercrime traces”, „Common Framework for Artifact Analysis Activities”), published over 11 years ago and concerning threat intelligence at the times the term was not in common use.
Z pomocą @redteampl przejęliśmy domeny w strefie .pl mogące zostać wykorzystane w podatności #BadWPAD. W najnowszym artykule opisujemy szczegóły techniczne podatności i zalecenia dla administratorów oraz użytkowników. https://t.co/mS9jXECNfc
— CERT Polska (@CERT_Polska) 14 czerwca 2019
“In 2019, Adam Ziaja published a series of articles on the use of BadWPAD in the .pl domain. [...] analysed the content of the wpad.dat file in successive years on the basis of the indexed content available at archive.org. It was found that due to the rules contained in the PAC file, requests to popular affiliate programs were resolved through the pointed proxy. [...] From 15 May to 22 May 2019, the CERT Polska sinkhole registered 6.5 million HTTP requests from approximately 40,000 unique IP addresses.”
Security of Polish Cyberspace
— CERT Polska
Our team members were among the forerunners of now popular bug bounties designed for researchers to submit identified vulnerabilities. Last decade we have received dozens of acknowledgements for responsibly disclosed gaps in security from globally known organisations as Adobe, Apple, BlackBerry, Deutsche Telekom, eBay, Google, Harvard University, Microsoft, Netflix, Nokia, VMware, Yahoo or Yandex. We also received them as official references from Polish companies as Onet, Interia, Wirtualna Polska, Empik and Home.pl.
At the turn of 2019/2020 we performed vulnerability research on the most popular web browser - Google Chrome and disclosed critical vulnerabilities (later named as CVE-2019-13766 and CVE-2020-6463) and gained award from Google enterprise with cumulative value $68,000.
Today i received some great swag from Google VRP, thanks! Also „Working as Intended” was pure gold :) pic.twitter.com/ukc7PdND9k
— Pawel Wylecial (@h0wlu) 26 listopada 2020
For the research on badWPAD attack we were not only honoured by CERT Poland (Polish computer emergency response team), CERT Orange and american institute SANS, but received acknowledgments from national european CERTs – estonian CERT-EE and latvian CERT.LV too. REDTEAM.PL CERT became internationally recognised in effect.
“Polish security company RED TEAM now discovered that within many country level domains – like for example .pl for Poland – there are domains called WPAD, so for example wpad.pl, and of course if your search list does include your country level domain you may end up on that particular site to download your proxy parameters.”
Transkrypcja nagrania (4:35, 5:13)
SANS Daily Network Security Podcast (Stormcast)
— SANS Institute
For years we managed many technical issues of broadly understood cybersecurity - both offensive and defensive - which is why we have a comprehensive approach. As early as in 2014 Adam Ziaja - Chairman of the Board was a member of a team of three that won Cyber Europe international workshops arranged by ENISA for CERTs. The SOC service (Security Operation Center) we offer is an effect of our 12 years professional experience in CERT and SOC. As a result we develop a new threat hunting, 24/7 high quality security monitoring tool – RedEye. In particular APT (Advanced Persistent Threat) offences can be disclosed using this tool. Moreover providing digital forensic and incident response we use certified hardware and software thus entrusted devices and evidence are treated appropriately. Furthermore for entitled parties formal forensic expertise can be delivered.
Over the last decade, we have repeatedly been speakers at recognized scientific conferences, such as Technical Aspects of ICT Crime (TAPT) organized by the Police Academy in Szczytno (WSPol), or Security Case Study organized by Polish Cybersecurity Foundation. Moreover, already in 2014, at the SyScan360 international conference held in Beijing, we presented the results of our research on mobile browser security. We also participated in debates as experts at, among others, the PolCAAT conference organized by the Institute of Internal Auditors IIA Poland.
Threat hunting using DNS firewalls and data enrichment - nice work by @adamziaja https://t.co/xowhtqR3BR #cybersecurity #DNS #infosec
— Raj Samani (@Raj_Samani) 15 sierpnia 2019
In the REDTEAM.PL team we all have more than 10 years experience and one of the widest competencies on the market. Thanks to a professional and compliant approach we gain more than 50 official references for our cybersecurity service. Highest quality is our best advertisement and the reason why we are not using resources for marketing or sales campaigns. From 2017 we operate based only on widespread good opinion about our competencies and recommendations from satisfied clients.
As one of the very few cybersecurity companies, brocage in hardware sell or licenses cross selling (e.g. antivirus software) is not a part of our business strategy. We stay focused on providing information security technical services and make our recommendations or advice independent from product selling commision. We are capital self-contained as well – RED TEAM Sp. z o.o. share capital comes 100% from Board Members (Adam Ziaja and Paweł Wyleciał). Years of professional work and raised competencies in numerous aspects of cybersecurity, both offensive and defensive, enable us to have a wider view to IT security. Last years american institute SANS relied on research conducted by both of our Board Members. Knowledge acquired in the last two decades in the field of IT and cybersecurity enable us to be a couple steps ahead of cybercriminals and APT groups.
Reaching REDTEAM.PL you will work directly with founders proactive in negotiation, execution and controlling stages of project activities. Be invited to cooperate with us!
The company founders have a rich professional experience, additionally confirmed with certificates recognised worldwide, publicly presented research, references and thanks from known companies such us Google, Microsoft, Apple (references available upon request).
Chairman of the board and a co-founder of REDTEAM.PL. Has a wide professional experience both in offensive and defensive cybersecurity.
Board member and a co-founder of REDTEAM.PL. For many years focused on mostly offensive security research and having many accomplishments in the field.