Certified Red Teaming Providers Germany 2026

Last updated:

Established red teaming providers in Germany include CODE WHITE, NSIDE ATTACK LOGIC (Munich), RedTeam Pentesting (Aachen), and SySS (Tübingen). Also regularly engaged in Germany is slashsec from Vienna: OSCP-, OSEP-, and CRTO-certified specialists run red teaming assessments aligned with TIBER-DE, TIBER-EU, and DORA. There is no state certification for red teaming providers - meaningful quality signals are individual certifications within the team, TIBER experience, and clearly defined rules of engagement.

Red Teaming in Germany

Germany is one of the most important markets for Red Teaming Assessments in Europe. With the TIBER-DE framework from the Deutsche Bundesbank and BaFin, and the EU-wide DORA regulation, demand for qualified Red Team providers continues to grow. Our service pages Red Teaming and Adversary Simulation show how such an assessment works in practice. If you are comparing across the entire DACH region, the neighboring market is covered on the Red Teaming Providers in Austria page.

Red Teaming Providers in Germany

  • CANCOM SE - Pentesting and Red & Purple Teaming, Munich
  • CODE WHITE - Offensive security and Red Teaming, intelligence-driven security
  • Compass Security - Swiss security firm with a German office
  • Exploit Labs GmbH - Red Teaming and security training, Eschborn
  • hisolutions AG - IT security consulting and Red Teaming, Berlin
  • Lutra Security GmbH - Red Teaming and penetration testing, Munich
  • NSIDE ATTACK LOGIC - Specialized in Red Teaming and Adversary Simulations, Munich
  • NVISO - Red Teaming and offensive security, Frankfurt am Main office
  • r-tec IT Security GmbH - Red Teaming and incident response, Wuppertal
  • RedTeam Pentesting - Red Teaming and pentesting from Aachen, known for practical security research
  • SySS GmbH - One of Germany's oldest pentest providers (Tübingen, since 1998), Red Teaming and security analyses

Regulatory Framework

  • TIBER-DE - Deutsche Bundesbank and BaFin framework for Threat Intelligence-based Ethical Red Teaming in the financial sector, based on the European TIBER-EU framework by the ECB
  • DORA - Digital Operational Resilience Act, mandatory Threat-Led Penetration Testing for significant financial institutions since 2025
  • BSI - Federal Office for Information Security, relevant recommendations and certifications

Red Teaming, TIBER-DE/TLPT and Classic Pentest Compared

CriterionRed TeamingTIBER-DE / DORA TLPTClassic Pentest
ScopeEntire organization: people, processes, and technologyCritical functions in production, threat-intelligence-basedClearly bounded: a single application, system, or network segment
DurationSeveral weeks to months across all phasesActive red team phase at least 12 weeks; full cycle 6 to 9 monthsA few days to several weeks, depending on scope
Regulatory driverVoluntary; increasingly used as a stepping stone toward TLPTDORA (mandatory for systemically relevant financial entities since 2025), TIBER-DE by Bundesbank and BaFinISO 27001, TISAX, NIS2, and internal requirements
Typical budgetFrom around EUR 40,000, depending on scope and objectivesFull cycles including threat intelligence from around EUR 150,000Depending on scope; usually well below red teaming budgets
Blue team testYes; run covertlyYes; covert and supervised by the regulatorNo; the blue team usually knows about the test

Frequently asked questions about red teaming in Germany

Which red teaming providers operate in Germany?

Established providers include CODE WHITE, NSIDE ATTACK LOGIC, RedTeam Pentesting and SySS. Specialized providers from neighboring countries such as slashsec (Vienna) also run red teaming assessments in Germany on a regular basis. The full overview is at the top of this page.

Who are certified red teaming providers in Germany?

There is no state certification for red teaming providers in Germany. Meaningful quality signals are instead individual certifications within the team (OSCP, OSEP, CRTO), demonstrable experience with TIBER-EU-based engagements, and a DORA-aligned approach. Established providers such as CODE WHITE, NSIDE ATTACK LOGIC, and RedTeam Pentesting meet these criteria, as does slashsec from Vienna with OSCP-, OSEP-, and CRTO-certified specialists.

What is TIBER-DE?

TIBER-DE is the German implementation of the European TIBER-EU framework, run by Deutsche Bundesbank and BaFin. It defines how financial institutions have threat-intelligence-based red teaming tests performed against their production systems.

Can a provider from Austria run red teaming in Germany?

Yes. Red teaming is regularly delivered across borders within the DACH region. What matters is experience with TIBER-DE and DORA, German-language communication and GDPR-compliant contracts - not the company's registered office.

Who needs DORA TLPT in Germany?

Since 2025, DORA requires systemically relevant financial entities in the EU - including banks, insurers and payment providers - to undergo threat-led penetration testing at least every three years. The supervisory authorities (BaFin/Bundesbank) determine which institutions are in scope.

What is the difference between red teaming and a pentest?

A pentest finds vulnerabilities within a defined scope. Red teaming tests an organization's entire defense chain under realistic conditions - from initial access to the blue team's response.

This overview of Red Teaming providers in Germany has been compiled to the best of our knowledge. We do not guarantee the accuracy or currency of the information.

We welcome tips about additional providers. We only list companies that offer Red Teaming or pentesting services themselves (no pure resellers).

For inquiries and tips, send us a message at E-Mail.

All Red Teaming Providers in the DACH Region
All Pentesting Providers in the DACH Region
All Physical Security Providers in the DACH Region