We increase the resilience of your company.

Who we are

About Us


MainDefense is a team of IT security experts specializing in Cyber Defense, Incident Response, Forensics, Vulnerability Management, and Offensive Security. Our extensive experience in addressing ransomware attacks and the insights gained regarding the initial compromise of companies have often led to the same conclusion: The human element is one of the primary targets of attackers.


We have often observed that User Awareness and Anti-Phishing campaigns are self-created or sourced from training providers whose primary focus typically lies in pedagogy and learning psychology. However, such training templates seldom reflect the real threat emails that your company is genuinely exposed to.

This is where we step in. Our Threat Intelligence Team actively monitors ransomware groups, collecting current threat emails to use in our campaigns. We do not aim to produce emails with high click rates just to justify our presence in your company.

Learning from real examples, using genuine emails from actual attacks, to proactively prevent ransomware infections and data breaches. That's our mission!

What we do

Fully Managed User Awareness Platform for effective protection against Cyber Threats

What do we do differently?

Many awareness providers have their roots in the education sector and focus on extensive training materials. However, what's often missing is the current expertise to tailor the content to the evolving cyber threats.
We believe this is not enough. With the rapid evolution of attack techniques, many employees struggle to apply what they've learned to actual threat emails.
The most significant learning comes from real threat emails.
That's why at MainDefense, we blend genuine threat intelligence with proven training methods, ensuring the highest level of protection for your company.

How do we do it?

Our Threat Intelligence Team actively monitors ransomware groups, collects current attack emails through our global honeypot network, and analyzes phishing toolkits, including dark web Phishing-as-a-Service infrastructures. Furthermore, we keep an eye on contemporary threats, such as AI/ChatGPT phishing, and leverage these insights for our own phishing campaigns.

Our clients range from small and medium-sized enterprises (SMEs) to large corporations in over 26 countries. See for yourself in a


Benefits of our Fully Managed User Awareness Platform:

  • Minimal setup effort and free onboarding support for clients (less than 30 minutes).
  • Relief for your IT department through our Fully Managed Service approach. From creation to management and operation of the complete awareness training - everything is in our hands.
  • Phishing emails, training pages, and training videos in all international languages.
  • Live reporting via a client-specific dashboard and automated email reporting for compliance requirements (e.g., ISO/IEC 27001, TISAX).
  • 100% GDPR-compliant. Security and Privacy by Design. Highly valued by works councils.
  • Office 365 module for additional evaluations of credentials.
  • Guaranteed currency of attack emails and techniques in every campaign (e.g., Ransomware emails, QR-Code Phishing).

Optional Services:

  • Leakage/Breach control for passwords in Credential Harvesting Awareness campaigns.
  • Compliance check for passwords based on Best Practices for Credential Harvesting Awareness campaigns.
  • Integration of internal client emails into Awareness campaigns.


What matters to us

Secure and Sustainable

Quality and Trust – 100% Security made in Germany!

Development, Hosting, and Operations – all from one source. We develop our platform in-house and operate it exclusively in ISO-27001 certified data centers in Germany. We are firmly committed to GDPR compliance and serve many esteemed clients from the critical infrastructure sector, who, just like us, prioritize the highest security standards.

Sustainability – MainDefense Goes Green!

Since 2019, we have exclusively powered our services with 100% renewable energy. But that was just the beginning for us. Starting in 2022, we've been using self-generated electricity for our heating and office operations and for charging our electric company vehicles.

At MainDefense, profitability and sustainability are two sides of the same coin. That's why we plant a tree for every contract we close, actively contributing to climate protection and enhancing the quality of life in our region.

What we do

Additional Services

Spear Phishing Simulation

Some employees in organizations are particularly exposed and therefore have a high risk of becoming victims of targeted attacks. Examples of these employee groups are management, development, sales and HR. In these examples, two factors increase the risk. On the one hand, the contact data, contact networks and hierarchies of these groups of people are usually publicly accessible. On the other hand, they are worthwhile targets due to their strategic knowledge and budget responsibility. We help you to identify people with a high need for protection and to minimize the risks to these employee groups.

NextGen Phishing Simulation

Attacker groups constantly change their strategy to bypass technical defenses. For instance, QR Codes are used to encode malicious URLs, a tactic known as "Quishing". The rapid advancements in Artificial Intelligence (AI), particularly with technologies like GPT, have broadened the cyber threat landscape. Attackers leverage these advanced technologies to craft convincing and targeted phishing messages that even trained eyes often miss.

As soon as we identify new trends, we integrate them into our training campaigns, ensuring your employees are well-prepared for the latest attack techniques - automatically, at no extra cost, without any effort on your part, provided "as-a-service".

MFA Phishing Training with EvilProxy

Multi-factor authentication (MFA) is considered a crucial measure to protect accounts and data from unauthorized access. However, attackers constantly develop new techniques to overcome even these barriers. With our MFA Phishing Training using EvilProxy, we offer businesses the opportunity to defend against such advanced attack techniques. Our service simulates genuine attack attempts, allowing your employees to learn in a safe environment how these attacks appear and how to recognize them. We also assist in the implementation of phishing-resistant MFA measures.

Hands-on Social Engineering

While discussions about information security usually focus on technical aspects, the human factor is often neglected. It is becoming increasingly apparent that attacks against people are more promising and more effective. By using common attack techniques, we identify vulnerable groups and point out possible attack scenarios.

Integrated Training Platform

Your key to comprehensive security awareness with interactive training on our integrated training platform. Whether it's about cyber security, safe remote work practices, or other essential areas – we've got you covered. In addition to the basics of IT security, our platform also provides advanced courses on data protection, compliance, corruption prevention, and occupational safety. Through vivid learning modules, practical examples, and interactive tests, we ensure that your team is always up-to-date and confidently addresses the challenges of the digital world. Invest in knowledge and thereby protect your company from potential risks.

USB Phishing Simulation

You may already know the situation: a USB stick is lying in the parking lot or in front of the company building. But what to do? Many employees plug the USB stick into the company computer to check what data is stored on it or to find out who owns it.
Attackers exploit this behavior to gain easy access to the internal company network without having to carry out an elaborate hacker attack. Through targeted simulations and the distribution of USB devices in front of your company site, we make your employees aware of this danger.

Voice Phishing

Telephone phishing is becoming increasingly popular with attackers. The aim of the attacker is to gain trust through a polite appearance or to create stress through an aggressive manner in order to persuade users to take unusual actions. This can be opening an email, leaking sensitive information, or changing a bank account. We carry out such attacks in your company and then train your employees to reduce the attack vector.

Offline Phishing

Phishing can also be implemented without electronic data processing. The greater value attributed to letters, as opposed to e-mails, can also be used by attackers to deliberately deceive employees. Invoices and payment requests sent by post repeatedly lead to financial damage in companies, which must be prevented.


Do not hesitate
to talk with us about your concerns and requirements!

Schneckenweg 17
63933 Mönchberg, BY, DE

+49 (151) 424 30 264   +49 (151) 407 48 295