Breached?
Report an incidentIncident?

Blog

Windows Privilege Escalation – an approach for penetration testers

  • On 18. Apr 2019
Since the early stages of operating systems, users and privileges were separated. Implemented security mechanisms prevent unauthorized access and usage of data and functions. These security mechanisms have been circumvented a number of times, which lead to steady improvements of these. Nevertheless, attackers find new vulnerabilities and security holes. Motivation The race between attackers and defenders is a continuing one. Companies must protect their data. Preventing privilege escalation attempts from malicious employees or attackers decreases the probability of a data breach. One way to assess and improve the security level of a company’s infrastructure is by engaging security experts to perform penetration tests. The main objective of a penetration test is the determination of vulnerabilities within a system, network, or […]
Read More

Pentesting: Benefits, Legal Compliance and Costs

  • On 8. Apr 2019
Vulnerabilities in everyday products such as smart appliances, routers and other connected devices often make the news and users start to question the underlying procedures (or lack thereof) to secure their private information. Learn how pentesting can be an important and efficient method to improve the security level of networks and various applications.
Read More

Reverse Engineering Architecture and Pinout of Custom ASICs

  • On 26. Feb 2019
Learn about the process of initial reverse engineering the pinout of unknown ASICs by using moderate methods. The two described ICs are good examples out of many industry-solutions and have been chosen to demonstrate how design decisions from vendors are made. The exploited potential leak of the supply-chain can be leveraged by a hardware reverse engineer to extract internal information about such systems.
Read More

Cryptographic Vulnerabilities in German e-Government Library

  • On 5. Feb 2019
The OSCI-Transport Library is a software component used by many German government agencies to securely exchange data via the OSCI-Transport protocol. This Java library was susceptible to two attacks that could potentially allow an attacker to bypass some of the OSCI-Transport protocol's core security promises.
Read More

My name is Johann Wolfgang von Goethe – I can prove it

  • On 20. Nov 2018
The German government-issued identity card (nPA) allows German citizens to not only prove their identity in person, but also against online services (by using the embedded RFID chip). A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications
Read More

Cookie Preference

Please select an option. You can find more information about the consequences of your choice at Help.

Select an option to continue

Your selection was saved!

Help

Help

To continue, you must make a cookie selection. Below is an explanation of the different options and their meaning.

  • Accept all cookies:
    All cookies such as tracking and analytics cookies.
  • Accept first-party cookies only:
    Only cookies from this website.
  • Reject all tracking cookies:
    No cookies except for those necessary for technical reasons are set.

You can change your cookie setting here anytime: Blog. Blog

Back