Bourbon Offensive Security Services — Luxembourg
Most security assessments validate compliance.
They do not reflect how attackers actually operate.
We simulate attackers, not checklists.
Our philosophy
Built around the offensive perspective to anticipate risk, because the only way to efficiently identify threats is to think like the threat.
As a mindset. Real-world targeted scenarios, adversary simulation, penetration testing, vulnerability research. We think like attackers because that is what effective security requires.
As the end goal. Detection tuning, SOC improvements, threat intelligence, incident response powered by offensive knowledge to eliminate blind spots before they are exploited.
Bringing 15+ years of cross-discipline experience and turning it into actionable guidance. NIS2, governance, architecture reviews, training for organizations that want clarity, not reassurance.
Core expertise
Real-world attack scenarios built from active field exposure. Not theoretical frameworks. Not checkbox assessments.
Most engagements test whether controls exist. We test whether an attacker with a specific objective can reach it. The difference is the entire gap between a compliance audit and a real breach.
Focus on real compromise paths, not findings. Aligned with attacker objectives and business impact.
Built from genuine international offensive experience including active work on industrial IoT and OT exploitation chains. Direct insight into current attacker techniques and trends, not last year’s CVE list.
The finance sector faces a threat landscape that most generic red teams cannot replicate. Payment processes, trading infrastructure, internal fraud vectors and regulatory pressure create a unique attack surface that requires attackers who actually understand the domain.
What we do
From initial compromise to board-level reporting. All grounded in the same offensive mindset.
We test your defenses the way real attackers would.
Adversary Simulation
Targeted attacks tailored to real threat actor behaviors. Test your tools, train your team, identify gaps and increase ROI on your security investments.
Penetration Testing
From attack vectors to impact validation: external, internal, web and physical. Assesses the effectiveness of patch management, configurations and hardening in practice.
Assume Breach Exercises
Internal threat and supply-chain risk exposure assessment, simulating a scenario where the attacker is already inside your perimeter.
Red Teaming (TIBER / TLPT / DORA)
Contribution, organization and monitoring of full-scope red team exercises aligned with TIBER-EU and DORA compliance frameworks for financial institutions.
Attack Surface Management
Proactive OSINT and threat intelligence on exposed assets, including manual security testing to identify key weaknesses before attackers do.
Vulnerability Research and OT/IoT
Patch validation and bypass attempts on critical systems or specific components including industrial IoT and OT environments.
Finance and Investment Scenarios
Unique mixed engagements combining adversary simulation with fraud exploitation techniques. Designed specifically for financial institutions, payment processors and investment firms.
Offensive knowledge applied to strengthen your detection and response capabilities.
Proactive Threat Intelligence
Live collection and offensive analysis of TTPs and IOCs via honeypots. Eliminates false positives and reconstructs actual attack chains to feed your SOC with real intelligence.
Detection Tuning and SOC Improvements
Use-case testing and detection logic improvements based on real attacker behaviors. Blue teams gain visibility before the rule exists, not after.
Purple Teaming
Coordination and execution of collaborative red and blue exercises based on TIBER methodology, building a tighter feedback loop between offense and defense teams.
Deception and Honeypot Deployment
Strategic canary and honeypot deployment as part of a deception-based monitoring architecture, catching attackers before they reach critical assets.
Cloud Security Review (incl. Entra ID)
Threat-led cloud tenant security configuration review including Microsoft Entra ID hardening, assessed from an attacker's perspective.
Incident Response Support
IRP and playbooks definition, post-breach remediation support and quick-wins implementation. Reachable when the attacker is not waiting until Monday.
Experience-backed advice that translates into practical action.
Security Project Management
End-to-end project support: we start together, we work together. Win/win partnership from planning to remediation follow-up.
Threat-Based Prioritization
Threat modeling based on real public data to understand risks, because scoring-based prioritization is not enough for effective remediation.
Architecture and Technical Reviews
Using a non-theoretical, penetration-testing approach to identify what an attacker could achieve against your architecture rather than a classical risk scoring exercise.
NIS2 Implementation and Governance
Security policy definition, NIS2 support, gap analysis and governance advisory rooted in technical reality rather than checkbox compliance.
Supply-Chain Risk (MITRE SOT)
Using the MITRE System of Trust framework to identify supply-chain controls for SMEs and their downstream clients.
Training and Awareness
Technical and executive team training: offensive security awareness, threat actor behavior sessions and hands-on workshops.
Featured service
A SOC only identifies what has already been modelled. We close the gap before it is exploited.
Attackers innovate continuously. Defenders update afterwards. This sequencing defines the asymmetry that has challenged our industry for decades. Our worldwide honeypot network captures live TTPs, payloads and behavioral patterns across 23 corporate solutions including Fortinet, VMware, Ivanti, SAP and more.
When a new threat targeting your exposed assets is detected, BOSS extracts the payload, performs complete analysis and contacts you directly. Not via automated email.
The result is a more adaptive, intelligence-led defense model that reduces blind spots and closes the attacker-defender gap.
Ask about CTI subscription
Live threat capture. Continuous monitoring via global honeypot network. Attacks collected as they happen in the wild, not from public feeds.
Zero false positives. Every alert is manually triaged by an offensive expert before it reaches your team. No automated noise, only actionable intelligence.
Immediate notification. Context, affected component, IOCs and remediation plan delivered directly when a realistic threat to your assets is identified.
SOC enrichment. Tailor-made detection use-cases based on real ongoing threat actor campaigns, ready to deploy in your SOC before the attack reaches you.
Yearly subscription. Starting from 12,000€/year for 5 covered assets. Monthly option available.
Why BOSS
Not a large consultancy with a playbook. A specialized operator with 15+ years of field exposure across multiple countries and sectors.
Certifications
Internationally recognized offensive security certifications. Not just credentials, a reflection of hands-on technical depth earned in the field.
Approach
Every recommendation is calibrated to real-world constraints including limited budgets. We focus on pragmatic, efficient solutions, not compliance theater.
Structure
No board, no financial pressure, no account managers. You engage directly with the expert. Your context is understood, not lost in a delivery chain.
Network
Trusted, specialized partners exclusively based in Europe. Brought in when needed, seamlessly and transparently, to deliver full coverage without compromising quality.
Scope
Offensive security, defensive operations, strategic consulting. A transversal view built over 15+ years means understanding how each dimension affects the others.
Pricing
Competitive rates based on a previous analysis reflecting our commitment to making quality security accessible.
Vulnerability Research
Active vulnerability research across the full stack: web applications, enterprise software, IoT/OT devices, Windows, Linux and Java environments. Public CVE disclosures, PoC exploits and advisories published regularly — not just theoretical knowledge.
Community
In line with our philosophy and human-focused values, BOSS actively contributes to the Luxembourg and international cybersecurity community.
Underground community events
Informal, 100% underground security meetups in Luxembourg running for years. A space for practitioners to meet, share knowledge and talk about what actually happens in the field. No slides, no sponsors, no marketing. Just people who know their stuff.
Luxembourg Underground • By invitation
Conference organizer
BOSS organizes the first Security BSides Luxembourg, hosting the #OffensiveOps Village, a space for practitioners to share real-world offensive security knowledge beyond the standard conference format.
2025.bsides.lu
Ecosystem member
BOSS is a member of the LHC ecosystem, Luxembourg’s national cybersecurity community bringing together experts, companies and institutions to strengthen collective resilience.
lhc.lu
Research & Publications
Technical writeups, CTI analysis and offensive security research. Real cases, real techniques, no filler.
Real-world banking fraud: challenge accepted
No CVEs, No Alerts — Full Impact. A real engagement validating whether end-to-end banking fraud is achievable without a single exploit.
Vulnerability research & CVE disclosures
Original CVE research across web, application, IoT, Windows, Linux and Java targets. Public disclosures, PoC code and advisory writeups.
Recorded conference talks
Presentations covering offensive security techniques, threat intelligence and red team methodology from various industry events.
Reach out to understand what an attacker could actually achieve against your organization. Before it happens.
Address
9 rue des Prés
L-9907 Troisvierges
Luxembourg
Phone
Legal
N° TVA LU : LU36900006
Autorisation n° : 10184616 / 0
Whether you need a penetration test, a strategic security review or simply want to understand your current exposure, we engage directly. No sales process, no generic proposals.
contact@boffsec-services.com
Response within 24h. All engagements covered by a formal service contract. European partners only for any subcontracting.