We break the invisible

Most security firms test networks and web apps. We test the invisible layer — the radio signals, the embedded firmware, the hardware that connects your most critical systems to the physical world.
With 15+ years of hands-on RF and hardware security research, Penthertz delivers assessments beyond what generalist firms do. We bring our own radio equipment, custom tools, and deep protocol knowledge to every engagement, from 5G base stations to vehicle buses, from LoRa sensors to satellite and other exotic receivers or transmitters.
Our clients include defense agencies, aerospace manufacturers, telecom operators, and critical infrastructure providers across Europe, the US, and Asia.
What sets us apart
- Exclusive focus on wireless & hardware security
- We bring our own RF equipment & custom tools
- 69+ publications and CVEs discovered
- Research presented at many conferences
- Trusted by defense, aerospace & government agencies
- 150+ security missions
- 110+ clients served
- 69+ publications
- 13+ countries served
Assessment Services
Each engagement is tailored to your specific environment, threat model, and regulatory requirements. We don't run generic scans — we think like attackers who specialize in your exact technology stack.
Wireless & RF Penetration Testing
Our flagship service. We intercept, analyze, and attack wireless communications across the full RF spectrum, from sub-GHz remotes to 5G NR and even the most exotic communications. Using our radio equipment and custom tools (including RF Swift), we cover every part of the radio layer that is at risk.
What we assess
- Cellular networks — 2G, 3G, 4G/LTE, 5G NR, Open RAN
- Wi-Fi — WPA2/WPA3, EAP, enterprise networks, Wi-Fi HaLow
- Bluetooth & BLE — protocol fuzzing, sniffing, MITM
- RFID / NFC — access control, payment systems
- LoRa / LoRaWAN — IoT & industrial deployments
- Sub-GHz — remotes, alarms, intercoms, custom protocols
- Satellite & GNSS — signal spoofing, jamming assessment
- Power-Line Communications — PLC protocol analysis
- Exotic communications of all sorts...
Embedded Device & Hardware Security
We go beyond software — physically opening devices, probing debug interfaces, extracting firmware, and analyzing silicon. Our hardware lab is equipped for chip-off, glitching, side-channel analysis, and protocol reverse engineering. We find vulnerabilities at the silicon and firmware level that software-only assessments miss entirely.
Techniques & scope
- Firmware extraction — JTAG, SWD, UART, SPI, chip-off
- Fault injection — voltage glitching, EM fault injection
- Firmware analysis — reverse engineering, secret extraction
- Debug interface bypass — readout protections, locked chips
- Bus sniffing — I²C, SPI, CAN, UART interception
- Secure boot & TEE — trust chain evaluation
Automotive & V2X Hacking
Modern vehicles are rolling wireless platforms: cellular, Wi-Fi, Bluetooth, GNSS, V2X, CAN, and more, all interconnected. We assess the full attack surface of connected vehicles and transportation systems: from infotainment head units and telematics to V2G charging stations and inter-vehicle communications. Our team has been featured on French television for our work in automotive cybersecurity.
What we assess
- CAN bus — sniffing, injection, ECU fuzzing
- In-Vehicle Infotainment (IVI) — attack surface analysis
- Telematics & TCU — cellular modem, remote access
- V2X / C-V2X — vehicle-to-everything communication
- V2G / charging — EV charging station security
- GNSS / GPS — spoofing, jamming, relay attacks
- Keyless entry — relay attacks, rolling code analysis
- Bluetooth & Wi-Fi — in-vehicle wireless interfaces
Vulnerability Research & Fuzzing
We go deeper than standard pentests, hunting for unknown vulnerabilities in your products before they ship. Using protocol fuzzing, firmware emulation, and manual reverse engineering, we uncover 0-days that automated scanners will never find. Penthertz has discovered and responsibly disclosed vulnerabilities in major telecom equipment, IoT devices, and embedded systems.
Our approach
- Protocol fuzzing — over-the-air & wired protocol stacks
- Baseband fuzzing — 2G/3G/4G/5G modem testing
- Firmware emulation — virtual testbeds for safe analysis
- Reverse engineering — binary analysis, protocol dissection
- Library auditing — third-party component analysis
- Responsible disclosure — coordinated CVE reporting
Red Team & Physical Intrusion
Physical security is wireless security. We test your building access controls, alarm systems, and surveillance infrastructure using real-world RF attack techniques. Our Red Team operations combine RFID badge cloning, wireless alarm bypassing, intercom exploitation, and OTA attack vectors to demonstrate how attackers breach physical perimeters — without touching a single network cable.
Attack vectors
- RFID/NFC cloning — badge duplication & emulation
- Alarm system bypass — sub-GHz jamming & replay
- Intercom exploitation — access control circumvention
- Wireless surveillance — camera & sensor analysis
- Drone reconnaissance & hijack — aerial RF assessment
- Social engineering — combined physical + RF attack chains
Security Audits & Architecture Review
Not every engagement requires active exploitation. We also perform configuration audits, code reviews, and architecture assessments for wireless systems, IoT platforms, and embedded products. We evaluate your security posture against industry standards, identify design weaknesses, and provide actionable recommendations before vulnerabilities become exploitable.
Scope
- Architecture review — wireless system design analysis
- Configuration audit — network, cloud, and device settings
- Source code review — firmware, protocol stacks, drivers
- Compliance — ETSI, 3GPP, GSMA, ANSSI, UNECE R155
- Threat modeling — attack surface mapping for your product
How an Engagement Works
Scoping
Define targets, threat model, and rules of engagement together.
Reconnaissance
RF spectrum analysis, hardware inspection, signal identification.
Analysis
Protocol reverse engineering, firmware extraction, vulnerability identification.
Exploitation
Proof-of-concept attacks demonstrating real impact and risk.
Reporting
Detailed findings with risk ratings, remediation, and executive summary.
Follow-up
Remediation support, retest, and long-term vulnerability monitoring.
Example: Connected Vehicle Compromise
A simplified example of how we chain multiple wireless and hardware attack vectors during a typical automotive engagement. Each step exploits a different layer — from RF to CAN bus to backend.
Industries & Sectors
Our clients trust us with their most sensitive systems. Due to the nature of our engagements, we maintain strict confidentiality.