Baldur Security

Research-driven security consultancy that helps you discover and remediate vulnerabilities before attackers abuse them.

What Differentiates Us

We can find vulnerabilities in just about anything. Browsers? Phones? Web applications? Hardware? Don't take our word for it; take a look at all the CVEs we've been responsibly disclosing.

CVE-2025-11208 - Spoofing Vulnerability - Google Chrome Media Component
CVE-2025-32017 - Authenticated Remote Code Execution - Umbraco CMS
CVE-2024-31963 - Unauthenticated Remote Code Execution - Mitel IP Phone
CVE-2024-31964 - Authentication Bypass - Mitel IP Phone
CVE-2023-32782 - Remote Code Execution as SYSTEM - PRTG Dicom Query Sensor
CVE-2023-32781 - Remote Code Execution as SYSTEM - PRTG HL7 Sensor
CVE-2023-31452 - CSRF Credential Leakage - PRTG Network Monitor
CVE-2023-31451 - Sensitive File Disclosure via Regex - PRTG Network Monitor
CVE-2023-31450 - Path Traversal in SQL Sensor - PRTG Network Monitor
CVE-2023-31449 - Path Traversal in WMI Sensor - PRTG Network Monitor
CVE-2023-31448 - Path Traversal Vulnerability - PRTG HL7 Sensor
CVE-2023-24037 - Authentication Bypass - Nagios Monitoring System
CVE-2023-24036 - Open Redirect Vulnerability - Nagios Monitoring System
CVE-2023-24035 - Timing-Based Authentication Bypass - Nagios Monitoring System
CVE-2022-45871 - Unauthenticated Memory Corruption - WithSecure fsicapd
CVE-2022-38165 - Unauthenticated Arbitrary File Write - F-Secure Policy Manager
CVE-2022-38162 - Multiple Cross-Site Scripting - F-Secure Policy Manager
CVE-2022-28885 - Memory Corruption DoS - F-Secure Policy Manager
CVE-2020-12480 - Global CSRF Bypass - Play Framework
CVE-2019-XXXXX - Heap Buffer Overflow to RCE - F-Secure Internet Gatekeeper
CVE-2018-9191 - Local Privilege Escalation - Fortinet FortiClient

Our certifications

While real-world expertise is our foundation, we back it up with industry-leading certifications that validate our capabilities.

OFFENSIVE SECURITY
OSCE
Offensive Security Certified Expert represents the pinnacle of penetration testing expertise. This advanced certification validates mastery of exploit development, advanced web application attacks, and sophisticated penetration testing methodologies that go beyond standard assessments.
PENETRATION TESTING
OSCP
Offensive Security Certified Professional is the gold standard in ethical hacking certifications. This hands-on, practical exam validates real-world penetration testing skills and is recognized globally as proof of technical expertise in identifying and exploiting security vulnerabilities.

Our Services

We offer a wide range of consulting services. Even if your requirement falls outside these categories, we might still be able to help you.

Web App Assessment

In-depth assessments of your web applications. We're seasoned in most tech stacks and won't hesitate to do a code review.

Assume Breach

Test the scenario of a breached employee and see how far a skilled adversary can go in your network. We then help mitigate the threats afterwards.

Cloud Security

Whether you have an AWS, Google or Azure cloud, we can assist you with best practices for securing these technologies.

Source Code Audit

Our preferred methodology for testing applications is dynamic testing combined with source code audits. This maximises the number of vulnerabilities located.

DevSecOps

We can help ensure your development security operations are up to the newest standards and assist with any automation that the platform might require.

Binary Exploitation

Testing binary applications using state-of-the-art fuzzers and manual instrumentation to maximise coverage. Furthermore, we can help you assess the exploitability of a given issue.