daqoon - Offensive Cybersecurity

Our Services

Tailored responses to your cyber challenges

/ dq_001

Penetration Testing

Web & Network

We simulate real attacks on your web applications and networks - systematic, thorough, and according to recognized standards. You receive a clear report with prioritized actions that your management can understand.

Learn more

tmux - bash

0:listener*1:enum2:exploit10.10.14.7 - 03:42

/ dq_002

Red Teaming

Real attack simulation

Not a checklist, but a real attack - without warning for your team. We test your detection, response, and processes under realistic conditions. Because security only proves itself in a real scenario.

Learn more

BloodHound - Shortest Path to Domain Admin

/ dq_003

Social & Physical Testing

Social Engineering & Physical Security

The biggest vulnerability is often the human factor. We test whether your employees and physical security measures can withstand a targeted attack - through social engineering and physical penetration testing.

Learn more

Chat·#reception

Sarah K.10:23

A Mr. Acme is here for you, do you know him?

Thomas M.10:23

No?

Sarah K.10:24

He said he's here to test the network performance

Thomas M.10:24

Ahh makes sense, it has been so slow lately. Give him room 3

Type a message...

/ dq_004

Microsoft Assessments

Entra ID, M365 & Azure

Misconfigurations in Microsoft environments are one of the most common attack vectors. We analyze your Entra ID, Microsoft 365 and Azure infrastructure - and show you where the real risks lie.

Learn more

Entra ID - Identity & Access Audit

6 pass3 fail2 warn

✓MFA enforced for all users

✓Legacy authentication blocked

✕Conditional Access - require compliant device

!Guest user access restricted

✓App Registration - admin consent required

✕Privileged roles - PIM enabled

✓Sign-in risk policy configured

!Self-service password reset - MFA gate

✕Token lifetime - max 1h for admins

✓Named locations configured

✓Break-glass account audited

/ dq_005

Phishing Simulation

Awareness & Detection

Over 90% of all cyberattacks start with an email. We test how well your employees recognize phishing - and provide you with measurable results and targeted awareness recommendations.

Learn more

Outlook - Inbox

Microsoft 365

no-reply@sharepointonline-notify.com

John Miller shared "Q3_Financial_Report.xlsx" with you

John Miller has shared a file with you. Click the button below to view the document in SharePoint Online.

Q3_Financial_Report.xlsx

245 KB · SharePoint

Spoofed sender domain — phishing detected

/ dq_006

Secure Software Development

Code Review & Secure Coding

Security vulnerabilities often originate in the code. We review your source code for weaknesses and write secure code - done right from the start.

Learn more

next-app — app

⚠ VULNERABLEcomponents/clientComponent.tsx

1"use client"

2const supabase = createClient(

3 "https://xyzcompany.supabase.co",

4 "eyJhbGciOiJIUzI1NiIs..."

6const { data } = await supabase.from("users")

✓ SECUREapi/login/route.ts

1const db = createClient(

2 process.env.DB_URL!,

3 process.env.DB_SECRET_KEY!

5export async function POST(req: Request) {

6 const { data } = await db.from("users")

TypeScript React│UTF-8next-app

We break in,before others do.

Our Services

Penetration Testing

Red Teaming

Social & Physical Testing

Microsoft Assessments

Phishing Simulation

Secure Software Development

Our Approach

Ready to test your security?