English
FrançaisWe break the invisible
We simulate real-world attacks against your wireless systems, embedded devices, vehicles, and physical perimeters — using the same techniques, tools, and equipment as real threat actors.
Penthertz is active vulnerabilities discovery, develops exploits, and presents at international conferences. Every pentest we run is custom-built for your technology stack — not a checklist from a scanner.
We bring our own radio equipment, RF/SDR hardware, and custom tools to every mission. From 5G base stations to building alarm systems, from vehicle CAN buses to satellite, drones or even exotic receivers. If it transmits, we test it.
Our pentest approach
- Black / grey / white box methodologies
- We bring our own RF & hardware equipment
- Custom methodologies & exploits — not just scanner output
- Full attack chain demonstration
- Actionable remediation roadmap
Wireless & RF Penetration Testing
Our flagship service. We intercept, analyze, and attack wireless communications across the full RF spectrum. Using our radio equipment and custom tools (including RF Swift), we cover the whole radio part that is at risk.
Discuss your RF pentestTechnologies covered
- Cellular: 2G, 3G, 4G/LTE, 5G NR, Open RAN
- Wi-Fi: WPA2/WPA3, EAP, enterprise, Wi-Fi HaLow
- Bluetooth & BLE: fuzzing, sniffing, MITM
- RFID / NFC: access control, payment
- LoRa / LoRaWAN: IoT & industrial
- Sub-GHz: remotes, alarms, intercoms
- Satellite & GNSS: spoofing, jamming
- PLC: Power-Line Communications hijacking
- Exotic communications of all sorts...
Embedded Device & Hardware Pentesting
We physically open devices, probe debug interfaces, extract firmware, and exploit silicon-level weaknesses. Our hardware lab is equipped for chip-off, glitching, side-channel analysis, and bus interception. We find attack paths that software-only pentests miss entirely.
Request a hardware pentestAttack techniques
- Firmware extraction: JTAG, SWD, UART, SPI, chip-off, and more
- Fault injection: clock/voltage glitching, EM injection, and more
- Debug interface bypass when possible: readout protections, locked chips
- Bus sniffing & injection: I²C, SPI, CAN, UAR, and more
- Trust chain exploitation
Red Team & Physical Intrusion
Physical security is wireless security. We test your building access controls, alarm systems, and surveillance using real RF attack techniques. Our Red Team operations combine RFID badge cloning, wireless alarm bypassing, intercom exploitation, OTA attack vectors, and also Social Engineeing — breaching physical perimeters without touching a single network cable.
Plan a Red Team engagementAttack vectors
- RFID/NFC cloning: badge duplication & emulation
- Alarm system bypass: sub-GHz jamming & replay
- Intercom exploitation: access control circumvention
- Wireless surveillance: camera & sensor analysis
- Drone reconnaissance & hijack: aerial RF assessment
- Social engineering: combined physical + RF chains
Example: Successful connected vehicle compromise
How we chain multiple wireless and hardware attack vectors during a typical automotive engagement — from RF to CAN bus to backend.
Tools & Equipment
RF Swift, USRP, BladeRF, HydraSDR, some Spectrum Analyzers, Proxmark3, Ubertooth, GNU Radio, Scapy, srsRAN, Open5GS, OpenBTS, Wireshark, Frida, Ghidra, custom fuzzers, and our own proprietary tooling built from years of R&D.