Responsive image


GG-Sec is specialized in providing IT security consulting services with the goal to uncover real world vulnerabilities in your systems and applications


GG-Sec has been founded by Johannes Baer who is a Penetration Tester and Security Researcher based in Berlin, Germany.

GG-Sec offeres a variety of IT security services, mainly focusing on the offensive branch and in-depth analysis of systems and software.

SCADA and ICS Security Audits

Having long-year experiences of the specifics and characteristics of critical infrastructure, GG-Sec offers performing SCADA and ICS penetration tests.

  • Distributed control systems
  • PLCs and HMIs in wide varieties
  • Industrial protocol gateways
  • Smart Grid / Smart Metering
  • Industrial protocol gateways for diverse protocols


Application Testing & Source Code Analysis

Performing technical security analysis of your web, native or mobile applications is a core service GG-sec provides

  • Web applications
  • API based web applications
  • Source code analysis
  • Mobile applications
  • Native Desktop applications


Reverse Engineering & Vulnerabiltiy Discovery

GG-sec offers reverse engineering and vulnerability discovery in compiled software

  • Static and dynamic analysis of binaries using disassembly, decompiling and debugging approaches
  • Vulnerabiltiy discovery using modern fuzzing approaches
  • Identification of vulnerability classes the bug belongs and their potential exploitability
  • Proof-of-concept development of working exploits


Red Teaming & Advanced Attacker Simulation

GG-Sec offers attack simulations using advanced attacker tooling which allows testing a business's resilience against real-life threats.

  • Breaching outer defenses of company and gaining initial foothold
  • Windows Active Directory lateral movement and privilege escalation
  • Challenging companies internal detection mechanisms


Automated & Manual Vulnerability Assessments

Vulnerability assessments of a companies internet facing services as well as of internal IT infrastrucutre

  • Automated and sophisticated vulnerability assessments of large network segments
  • Manual analysis of network services to uncover potential security vulnerabilities
  • Help companies implement their own vulnerability management environment


Security Trainings & Workshops

Security trainings and dedicated workshops for different positions and skill levels

  • Various security workshops for your companies custom needs
  • Vulnerabiltiy management trainings for administrators
  • Application security workshops for developers



Feel free to reach out