Reverse Engineering Architecture and Pinout of Custom ASICs

On 26. Feb

Learn about the process of initial reverse engineering the pinout of unknown ASICs by using moderate methods. The two described ICs are good examples out of many industry-solutions and have been chosen to demonstrate how design decisions from vendors are made. The exploited potential leak of the supply-chain can be leveraged by a hardware reverse engineer to extract internal information about such systems.

One Hack of a Valentine: when IoT gets under your skin

On 14. Feb

Smart sex toys are really no fun if hacked...

Cryptographic Vulnerabilities in German e-Government Library

On 5. Feb

The OSCI-Transport Library is a software component used by many German government agencies to securely exchange data via the OSCI-Transport protocol. This Java library was susceptible to two attacks that could potentially allow an attacker to bypass some of the OSCI-Transport protocol's core security promises.

My name is Johann Wolfgang von Goethe – I can prove it

On 20. Nov

The German government-issued identity card (nPA) allows German citizens to not only prove their identity in person, but also against online services (by using the embedded RFID chip). A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications

Kitten of Doom – Why you should patch Skype for Business immediately

On 13. Nov

Vulnerability in Skype for Business might lead to DoS attack (using a few hundred emojis) in unpatched clients. Update now!

Millions of Xiongmai Video Surveillance Devices Can be Hacked via Cloud Feature (XMEye P2P Cloud)

On 9. Oct

All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls.

GovWare 2018: The Internet was built to outlast nuclear war but fails at smart toasters

On 24. Sep

SEC Consult, CyberTrap and IoT Inspector showcased their consulting services around information security, reaching from penetration testing, source code review, red teaming, and ISO27001 ISMS implementation to security awareness trainings by the SEC Academy

Solutions for the Google CTF 2018 Hacking Contest

On 10. Sep

Google CTF is a hacking competition in the style of Capture-the-Flag, which has been going on for many years. Here are a few inputs on how to master it.

Application Security Monitoring: The one thing companies claim not to have a budget for

On 25. Jun

Time is money and money obviously is what keeps a company running. Up until the very moment it doesn’t: product releases get postponed, stakeholders leave and so does your window of opportunity to conquer the market. If you can’t think of a way to fix it, it is time to start over.

True Story: The Case of a Hacked Baby Monitor (Gwelltimes P2P Cloud)

On 21. Jun

Some time ago, a case about a hacked baby monitor made the news in the US. A mother claimed someone had taken control over the device and surveilled her baby. SEC Consult investigated the issue at a technical level. How it all started Earlier this month, news articles surfaced (Daily Mail, ABC News, NPR) on a case […]

Page 1 of 812 3 ›»

Blog