About GreenLock

Experts in Offensive Security and Cyber-Threat Intelligence.

Expertise

Founded in 2015 by senior security experts, GreenLock Advisory is (and will always be) an independent consulting and audit firm. The diversity of our expertises allows us to offer support in the most appropriate way to the needs of our clients.

Values

Cyber-Security is a wide domain, in perpetual transformation and increasingly business impacting. New vulnerabilities and attack scenarios are revealed every day and organizations have to face them. Be rational, relevant and independent are the three pillars that compose our mindset when we intervene. We believe this strategy leads to efficiency, providing actionable and practical results. Because we want to maintain our skills at a very high level, about one-fifth of our time is dedicated to infosec watching, trainings and attending conferences.

Objectives

We are conscious that security recommendations could appear very technical in the first instance to our interlocutors. We are committed to systematically adapting the level of detail of our speech to each one of them. The challenge is to get our messages to the right level of abstraction, without losing essential information, so that they can make the best decision possible.


Latest News

Multiple vulnerabilities found with Davy Douhine from Randorisec on Guetebrück IP Cameras and responsibly disclosed (ICS-CERT advisory): Improper Authentication (CVE-2018-7532), SQL Injection (CVE-2018-7528), Cross-Site Request Forgery (CVE-2018-7524), Improper Access Control (CVE-2018-7520), Server-Side Request Forgery (CVE-2018-7516), Cross-site Scripting (CVE-2018-7512).
A Remote Arbitrary Code Execution vulnerability has been found in HPE Smart Storage Administrator version before v2.60.18.0 and responsibly disclosed (CVE-2016-8523) + development of the Metasploit plugin.
A Remote Arbitrary Code Execution vulnerability has been found in HPE Smart Storage Administrator version before v2.60.18.0 and responsibly disclosed (CVE-2016-8523) + development of the Metasploit plugin.
Article published in the french magazine MiscMag (MISC-085), focusing on state-of-art attacks during network security testing.
Under long-term contract with a financial institution to perform various preventive security activities: Penetration testing, Red team exercices, Sub-contractors on-site audits, Threat hunting/intelligence, Vulnerability Management Program.
Creation of the company. HQ set up in Paris, France.

Want more ? Visit our Github repo and our blog:


Our Services

Penetration testing, Code Review and Security Audits

Give us an IP, a domain, an URL and, eventually credentials. We will simulate real senarios like attackers do, using same techniques and tools. Every audit is a challenge we are excited to face, always in team.

Threat Intelligence

Cyber-Exposure and risks are continuously growing and fastly changing. We need to focus our efforts on relevant technologies and attack scenario regarding your assets and your business. We help to select and organize Cyber-Threat Intelligence feeds to gain visibility on actual risks.

Vulnerability Management

Regardless your organization size and IT/OT maturity, Vulnerability/Patch Management is a must-have process. We assist you to align your processes and tooling ecosystem with best pratices and you needs.

Governance & Strategy

Take benefit from our past experiences to build an efficient cybersecurity strategy and implement the related processes: Incident detection and response, Patch Management, Crisis resolution, Secure Coding, Internal IT/OT audit, ...

Tooling & Engineering

Automation and security tools offer a solid return on investments. Best practices recommend to continuously scan your organisation’s environment for any vulnerabilities or changes that might indicate a potential threat.

Trainings & Awareness

Looking for an introduction to security audits or learn about advanced penetration techniques ? Let's talk about it. We can also help you to enhance security awareness of your collaborators or VIP facing phishing campaign or other social engineering methods.

Company

GreenLock Advisory - EURL au capital de 5.000 euros
SIRET: RCS Paris 813 176 179 00022

Address

216 Rue de la Croix Nivert,
75015, Paris, France