My name is Johann Wolfgang von Goethe – I can prove it

On 20. Nov

The German government-issued identity card (nPA) allows German citizens to not only prove their identity in person, but also against online services (by using the embedded RFID chip). A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications

Kitten of Doom – Why you should patch Skype for Business immediately

On 13. Nov

Vulnerability in Skype for Business might lead to DoS attack (using a few hundred emojis) in unpatched clients. Update now!

Millions of Xiongmai Video Surveillance Devices Can be Hacked via Cloud Feature (XMEye P2P Cloud)

On 9. Oct

All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls.

GovWare 2018: The Internet was built to outlast nuclear war but fails at smart toasters

On 24. Sep

SEC Consult, CyberTrap and IoT Inspector showcased their consulting services around information security, reaching from penetration testing, source code review, red teaming, and ISO27001 ISMS implementation to security awareness trainings by the SEC Academy

Solutions for the Google CTF 2018 Hacking Contest

On 10. Sep

Google CTF is a hacking competition in the style of Capture-the-Flag, which has been going on for many years. Here are a few inputs on how to master it.

System Administrator (f/m) for Asia Pacific Region

On 20. Jul

Singapur

IT Project Assistant for Cyber Security (f/m)

On 13. Jul

Vienna - Munich - from 20 hours per week (or full time)

Application Security Monitoring: The one thing companies claim not to have a budget for

On 25. Jun

Time is money and money obviously is what keeps a company running. Up until the very moment it doesn’t: product releases get postponed, stakeholders leave and so does your window of opportunity to conquer the market. If you can’t think of a way to fix it, it is time to start over.

True Story: The Case of a Hacked Baby Monitor (Gwelltimes P2P Cloud)

On 21. Jun

Some time ago, a case about a hacked baby monitor made the news in the US. A mother claimed someone had taken control over the device and surveilled her baby. SEC Consult investigated the issue at a technical level. How it all started Earlier this month, news articles surfaced (Daily Mail, ABC News, NPR) on a case […]

Pentester’s Windows NTFS Tricks Collection

On 12. Jun

In this blog post René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares different filesystem tricks which were collected over the last years from various blog posts or found by himself. These tricks don’t lead to a directly exploitable condition, however, they can indirectly lead to exploitable flaws in special situations because of the non-intuitive behavior. […]

Page 1 of 712 3 ›»

Blog