Updates and News
- 01/03/2012 -
New advisory released: rt-sa-2012-001: Bugzilla: Cross-Site Scripting in Chart Generator.
- 12/15/2011 -
Two new advisories released: rt-sa-2011-005: Owl Intranet Engine: Authentication Bypass and rt-sa-2011-006: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes.
- 11/30/2011 -
Jens Liebchen was interviewed by the radio station
DRadio Wissen for the news item
“Bundesweiter Penetrationstest” about the German crisis management exercise
LÜKEX (Länder Übergreifende Krisenmanagement-Übung) 2011.
- 11/24/2011 -
Claus Overbeck was interviewed by the German magazine
Wirtschaftswoche for the article
“Lautlose Attacken aus dem Netz”.
- 10/26/2011 -
Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 8 November 2011 at the
Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the
Friedrich-Alexander-Universität Erlangen-Nürnberg and on 5 December 2011 at the
Fachhochschule Aachen in the course
Informationssicherheit (information security). RedTeam Pentesting is glad to be able to again support universities with a presentation and practical expertise.
- 10/04/2011 -
RedTeam Pentesting has a new member: Matthias Lederhofer reinforces the team as a new penetration tester.
- 09/28/2011 -
The
fluter Magazine of the
German Federal Agency for Civic Education cites Patrick Hof on the topic of penetration tests in the article
“Krieg oder Cyberprotest”.
- 09/23/2011 -
Issue 05/2011 of
ADMIN Magazine will include the English translation of an article about physical security written by RedTeam Pentesting that was already published in the German edition. Release dates are October 7 for the EU, November 11 for the US and December 12 for the Australian edition.
- 09/14/2011 -
Jens Liebchen answers questions about online banking security today at 6:20pm for the German TV show
WDR Servicezeit.
- 09/13/2011 -
RedTeam Pentesting is using a new telephone number. From now on you
can reach RedTeam Pentesting via phone at +49 241 510081-0 or via fax
at +49 241 510081-99. We are looking forward to your call!
- 07/26/2011 -
On August 5 2011 at 2:00pm, Alexander Neumann will give a talk about “Exploiting Padding Oracles in Practice” at the
IT Security Research Group (in the seminar room) of
RWTH Aachen University. Everybody is welcome to join the free talk, though cryptographic knowledge is needed. The talk will be given in German.
- 07/13/2011 -
In the current edition of the German magazine
ADMIN-Magazin an article about physical security written by RedTeam Pentesting was published.
- 07/05/2011 -
Patrick Hof talks about risks of online banking today at 5:30pm in
Das Sat.1 Magazin.
- 06/14/2011 -
On July 1st, Patrick Hof will hold the workshop “Aktuelle Fälle von Datendiebstahl und wie sie grundsätzlich funktionieren - Hintergrundwissen für Journalisten” at the
Netzwerk Recherche's
Jahreskonferenz 2011 in Hamburg.
- 06/08/2011 -
Jens Liebchen comments on new security measures for online banking for the German TV station
n-tv. The interview will be aired on June 10, 2011.
- 05/17/2011 -
On May 26 2011, Alexander Neumann will give a talk about “Security and Privacy Implications of URL Shortening Services” at the
IEEE Symposium on Security and Privacy in the workshop part
Web 2.0 Security and Privacy 2011 (W2SP) in Oakland, California.
- 05/04/2011 -
Two new advisories released: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances, Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface.
- 04/19/2011 -
RedTeam Pentesting demonstrates for the German TV show
MDR Umschau how easily unauthorised persons can break into hotel rooms.
- 04/18/2011 -
Claus Overbeck of RedTeam Pentesting talked about penetration testing in the interview
“Wir brechen tagtäglich ein” with the German
WirtschaftsWoche.
- 03/31/2011 -
RedTeam Pentesting has a new member: Angel Tchorbadjiiski reinforces the team as a new penetration tester.
- 03/15/2011 -
Two new advisories released: nostromo nhttpd directory traversal leading to arbitrary command execution, SugarCRM list privilege restriction bypass.
- 02/26/2011 -
Jens Liebchen of RedTeam Pentesting was interviewed for the German article
“Das Handy als Autoschlüssel oder Kreditkarte” by the
WDR and talks about near field communication.
- 02/21/2011 -
Jens Liebchen of RedTeam Pentesting was interviewed for the German article
“Banken schaffen TAN-Listen ab” by the
WDR and talks about new and old risks of online banking.
- 02/18/2011 -
Jens Liebchen held the talk “Physical Security - Wenn Türen zu Firewalls werden” at the
18th DFN Workshop. The slides from the talk can be found in the publications section.
- 02/09/2011 -
A video of Claus Overbeck's talk about “Ten Commandments of IT-Security for WEB 2.0 Startups” is now available at the
HackFwd Blog.
- 01/26/2011 -
On February 10th, RedTeam Pentesting will give the talk “Physical Security - Wenn Türen zu Firewalls werden” about physical security and its relation to IT security at the
18th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the second workshop day, 10:00am.
- 12/10/2010 -
Claus Overbeck held a talk about “Ten Commandments of IT-Security for WEB 2.0 Startups” at the
HackFwd
Build 0.4. The slides from the talk can be found in the publications section.
- 11/12/2010 -
Jens Liebchen of RedTeam Pentesting was interviewed for the report
“Gefahr durch Industriespionage” of the
WDR programme
WESTPOL. It will be part of the show broadcast on November 14, 2010, at 7:30pm.
- 09/22/2010 -
On September 2010, RedTeam Pentesting will give the
lightning talk “Forgotten JBoss AS exploitation techniques” at the
BruCON security conference in Brussels.
- 08/20/2010 -
On August 31, 2010 RedTeam Pentesting will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” at the event
Praktische IT-Sicherheit,
Hochschule Bonn-Rhein-Sieg.
- 07/12/2010 -
The slides plus link collection for the workshop “Un(der)cover - Von der Online-Recherche hin zur gezielten Generierung neuer Informationsflüsse”, held at the
Netzwerk Recherche's
annual conference 2010 in Hamburg, are now available under Publications.
- 07/06/2010 -
On July 9th, RedTeam Pentesting will hold the workshop “Un(der)cover - Von der Online-Recherche hin zur gezielten Generierung neuer Informationsflüsse” at the
Netzwerk Recherche's
Jahreskonferenz 2010 in Hamburg.
- 06/18/2010 -
RedTeam Pentesting will be present at the Informatica 2010 in Aachen on June 25th, 2010. More information is available in
Regina e.V.'s
program schedule (German).
- 06/15/2010 -
As of now, a new information page about JBoss Security is available. It also contains the new whitepaper “JBoss AS - Deploying WARs with the DeploymentFileRepository MBean” and scripts for download.
- 04/30/2010 -
Video of the talk “Bridging the Gap between the Enterprise and You - or - Who's the JBoss now?” (German), held at
Ruhr-Universität Bochum, is now available online.
- 04/13/2010 -
On April 21, 2010 RedTeam Pentesting GmbH will present the talk “Bridging the Gap between the Enterprise and You - or - Who's the JBoss now” (in German) at the
Bachelor-Vertiefungspraktikum zur Hackertechnik of the
Chair for Network and Data Security,
Ruhr-Universität Bochum.
- 04/12/2010 -
The slides from the talk “Peeking into Pandora's Bochs - Instrumenting a Full System Emulator to Analyse Malicious Software”, held at the
Hackito Ergo Sum 2010 security conference, are now online.
- 04/07/2010 -
RedTeam Pentesting GmbH will be presenting the talk “Peeking into Pandora's Bochs - instrumenting a full system emulator to analyse malicious software” at the
Hackito Ergo Sum IT security conference in Paris (April 08th-10th 2010).
- 02/05/2010 -
On February 9th, RedTeam Pentesting will give the talk “Emulationsbasiertes Entpacken von laufzeitgepackten Schadprogrammen und darüber hinaus” about emulation based unpacking of runtime packed malware at the
17th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the first workshop day, 4:15pm.
- 01/27/2010 -
Three new advisories released: Security vulnerabilities in the
Geo++(R) GNCASTER NTRIP Caster.
- 12/21/2009 -
Proof of Concept Code for the TLS Renegotiation Vulnerability published.
- 12/01/2009 -
The
Whitepaper of the talk “Bridging the Gap between the Enterprise and You - or - Who's the JBoss now” is now also available in English at the Publications page.
- 11/24/2009 -
The paper “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System” is now also available in English.
- 11/23/2009 -
German press release “Online-Banking: Erfolgreicher Angriff gegen chipTAN comfort-Verfahren” (German) and paper “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System” published.
- 11/20/2009 -
RedTeam Pentesting examined the online banking systems iTAN and chipTAN
comfort and devised attacks against them for the German TV magazine
Planetopia on
SAT1. The results will
be shown on
November 22nd, 2009 at 10:45pm.
Full details about all attacks will be
published on Monday, November 23rd, 2009 under
Publications.
[Update] The video
“Vorsicht beim Online-Banking – Wie unsicher ist die neue chipTAN?”
can now be watched on the Planetopia website.
[Update] The video is not available anymore.
- 11/02/2009 -
The slides from the talk “Peeking into Pandora's Bochs - Instrumenting a Full System Emulator to Analyse Malicious Software”, held at the
hack.lu 2009 security conference, are now online.
- 11/02/2009 -
The (German) article
“Ubiquitous Security – ganz gewöhnliche Angriffsvektoren”, published by
SearchSecurity.de is now listed in the “press” section. The article contains commentary by Jens Liebchen of RedTeam Pentesting GmbH.
- 11/02/2009 -
RTL Télé Lëtzebuerg published a
short report about hack.lu 2009, including a part about RedTeam Pentesting GmbH.
- 10/30/2009 -
While attending the
hack.lu security conference in Luxembourg, RTL Télé Lëtzebuerg did a short interview with RedTeam Pentesting. It is scheduled to be shown during today's evening news
“De Journal” at 19:30. You can watch it at the
RTL Livestream.
- 10/23/2009 -
RedTeam Pentesting GmbH will be presenting the talk “Peeking into Pandora's Bochs - instrumenting a full system emulator to analyse malicious software” at the
hack.lu IT security conference in Luxembourg (October 28th-30th 2009).
- 08/10/2009 -
New advisory: Authenticated arbitrary code execution in
Papoo CMS.
- 07/28/2009 -
RedTeam Pentesting will present the talk
“Bridging the Gap between the Enterprise and You - or - Who's the JBoss now” at
FrOSCon. FrOSCon is a two-day conference about Free Software and Open Source. Interested parties can
register here.
- 06/03/2009 -
The
Whitepaper of the talk “Bridging the Gap between the Enterprise and You - or - Who's the JBoss now” is now available at the Publications page. It contains detailed descriptions of the attacks presented in the talk.
- 06/02/2009 -
On June 17th 2009, RedTeam Pentesting will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” (German) at the
IHK Aachen. The event happens together with the
Verfassungsschutz NRW and the
Landesinitiative secure-it.nrw. The central theme of the talk will be examples from penetration tests and real cases of industrial espionage, which point out surprising risk factors. Participation is free; interested parties can
register here.
- 05/14/2009 -
As of today, RedTeam Pentesting's website is available in a new design. Following this update, the contents will also be expanded and updated over time.
- 05/05/2009 -
Four advisories concerning the
IceWarp eMail Server released.
- 05/04/2009 -
On May 19th 2009, RedTeam Pentesting will give the talk “Bridging the Gap between the Enterprise and You - or - Who's the JBoss now” at the
Center for Computing and Communication of
RWTH Aachen University. Because of the available time, all attacks can be demonstrated live. Participation is free for everyone interested, only a
registration is required.
- 05/04/2009 -
On May 8th 2009, RedTeam Pentesting is represented with a booth at the 25th anniversary celebrations of the
Technology Centre Aachen. Amongst other things, RedTeam Pentesting will show how to eavesdrop on DECT telephones. Visitors are encouraged to bring their own telephones, which will then be examined on-site.
- 04/06/2009 -
RedTeam Pentesting has a new member: Alexander Neumann reinforces the team as a new penetration tester.
- 04/06/2009 -
Euregio aktuell mentions RedTeam Pentesting in their article
“Europäische Tagung in Aachen” (European conference in Aachen), which happened in the context of the EU project
FIN-URB-ACT.
- 03/19/2009 -
The slides from the talk “Bridging the Gap between the Enterprise and You - or - Who's the JBoss now” held at the
16th DFN-CERT Workshop in Hamburg are now online.
- 03/09/2009 -
The slides from the talk “Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen” held at the security day of the open source forum at the
CeBIT are now online.
- 03/05/2009 -
The slides from the talk “Practical Security and Crypto: Why Mallory Sometimes Doesn't Care” held at the
EiPSI seminar at the
TU Eindhoven are now online.
- 02/27/2009 -
On March 06, 2009 RedTeam Pentesting will give a talk at the
CeBIT with the title
“Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen” (in German) at the Open Source forum's security day. The German Linux Magazine will also do a
live streaming of the event.
- 02/27/2009 -
On March 04, 2009 RedTeam Pentesting will give a talk at the
EiPSI Seminar of the
Eindhoven University of Technology with the title “Practical Security and Crypto: Why Mallory Sometimes Doesn't Care”.
- 02/09/2009 -
On 17th/18th February 2009, RedTeam is attending the
IT Security Gipfel 16 in Berlin.
- 01/26/2009 -
The slides from the talk “IT-Security in Theorie und Praxis” at the
IHK Arnsberg are now online.
- 01/16/2009 -
On January the 22nd 2009, RedTeam Pentesting will give the talk “IT-Security in Theorie und Praxis” at the
IHK Arnsberg.
- 01/05/2009 -
On March 17th, RedTeam Pentesting will give the talk “Bridging the Gap between the Enterprise and You” about vulnerabilities in JBoss AS installations at the
16th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the first workshop day, after the keynote.
- 01/02/2009 -
The
Gründerregion Aachen interviewed RedTeam Pentesting about the risks of Web 2.0 technologies for issue 3/2008 of their news journal “Gründerzeitung”
(PDF, German).
- 10/20/2008 -
RedTeam Pentesting will give a talk titled “Bridging the Gap between the Enterprise and You” at the security conference
hack.lu 2008 on 23rd October. The talk covers typical vulnerabilities of JBoss installations and their exploitation.
- 10/20/2008 -
RedTeam Pentesting is taking part in the
IT Security Gipfel 15 in Berlin.
- 10/09/2008 -
RedTeam Pentesting has grown substantially and moved to new premises within the
Aachen Technology Centre. Telephone and Fax numbers remain the same.
- 09/19/2008 -
On September 24, RedTeam Pentesting will give a (German language) talk titled “IT-Security in Theorie und Praxis - Über 'harmlose' Geräte und andere Denkfehler” at the event
“Brennpunkt IT-Sicherheit: Risiken - Strategien - Konzepte” at the
Technologiezentrum am Europaplatz in Aachen.
- 06/13/2008 -
Stern.de published an
article (German) about
vulnerabilities that RedTeam Pentesting demonstrated in cooperation with the
Independent Centre for Privacy Protection Schleswig-Holstein (ULD).
- 06/02/2008 -
In collaboration with the
Independent Centre for Privacy Protection Schleswig-Holstein (ULD), RedTeam Pentesting revealed on behalf of the German TV show
ZDF Frontal21 security vulnerabilities in MFPs (Multi Function Peripherals). The show airs on June the 3rd, 9:00pm.
- 04/29/2008 -
The slides of the talk “Penetration Testing - Praxis and Beyond” at the working group Security of the
German-speaking Bull User Society are now online.
- 04/04/2008 -
The slides from the talk “Iterative Kompromittierungsgraphverfeinerung als methodische Grundlage für Netzwerkpenetrationstests” at the
Sicherheit 2008 security conference are now online.
- 04/02/2008 -
The slides from the talk “Ubiquitous IT Security - Warum die Firewall nicht schützen konnte” at the
Sicherheit 2008 security conference are now online.
- 03/25/2008 -
On 03/26/08, the German TV station WDR shows in its
Servicezeit Familie program a report with RedTeam Pentesting about the dangers of online banking.
- 03/19/2008 -
At the
Sicherheit 2008 (2nd-4th of April 2008) conference we will be giving a talk about a graph-theoretic approach to estimating costs of penetration tests.
As a sponsor of the conference we will also be present with a booth.
- 03/11/2008 -
Two advisories concerning
MapBender released.
- 02/13/2008 -
The slides from the talk "Effiziente Beobachtung von Botnetzen" at the
15th DFN workshop "Sicherheit in vernetzten Systemen" are online.
- 01/21/2008 -
The German print magazine
Focus Magazin publishes a cover story about online
banking security in issue 04/2008. RedTeam Pentesting has given an interview.
- 01/14/2008 -
Claus Overbeck will give a talk about efficient observation of botnets at
15th DFN Workshop "Sicherheit in vernetzten Systemen".
- 10/22/2007 -
The slides from the talk "Botspy - Efficient Observation of Botnets" at the
hack.lu security conference are online.
- 09/28/2007 -
The slides for the workshop "Effektive Onlinerecherche im Internet" are online.
- 09/26/2007 -
RedTeam Pentesting will hold a workshop (in German) on 09/29/07 with the topic "Effektive Onlinerecherche im Internet" (effective online research on the Internet) at the
"Zukunftskongress Ethik 2.0 - Schöne neue Online-Welt?" of the Journalistenverband Baden-Württemberg and the DJV-Bundesfachausschuss Online.
- 09/17/2007 -
Remote command execution in Alcatel-Lucent OmniPCX
- 07/30/2007 -
All About Security has published a (German)
interview with RedTeam Pentesting.
- 07/13/2007 -
Four advisories concerning ActiveWeb Contentserver CMS released.
- 07/04/2007 -
Two new advisories:
rt-sa-2007-002: Fujitsu-Siemens ServerView Remote Command Execution
rt-sa-2007-003: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure
- 03/21/2007 -
The slides from the German talk at the IHK Aachen (Chamber of Industry and Commerce in Aachen) can be downloaded
in the publications area.
- 03/07/2007 -
RedTeam Pentesting will support the event called
IT-(Un-)Sicherheit - Augen zu und durch? Oder Penetrationtests durchführen lassen organized by the German
Chamber of Industry and Commerce in Aachen on 03/21/07.
- 02/07/2007 -
The slides from the German talk “IT-Security aus dem Nähkästchen - oder - »Das kann mir nicht passieren...«” are available for download in the publications section.
- 02/01/2007 -
On February 7th - 8th, there will be a German IT security conference called
14. Workshop "Sicherheit in vernetzten Systemen" in Hamburg. RedTeam Pentesting will give a talk titled "IT-Security aus dem Nähkästchen - oder - Das kann mir nicht passieren..." there.
- 12/12/2006 -
New article in the German magazine
"Der EDV-Leiter" published. The article is available for download here (German PDF).
- 11/06/2006 -
On December 8th, RedTeam Pentesting will hold a talk about pentesting. This will take place in the context of the event
"IT-Security as a guarantee for success" at the
AGIT, organized by
ACC-EC.
- 10/31/2006 -
New Advisory: Authentication bypass in BytesFall Explorer
- 10/20/2006 -
RedTeam Pentesting held a talk at the
Hack.lu 2006 about the cryptochallenge of the Hack.lu 2005. The slides can be downloaded under publications.
- 10/12/2006 -
RedTeam supports the
NRW-Forschungstag IT-Sicherheit.
Besides the manifold
talks there is a dedicated area with selected exhibitors.
The event aims especially at better cooperation between science and economy
and takes place on Wednesday, October 25th, in Aachen. There is no entrance fee.
- 09/12/2006 -
The German radio station Eins Live did an interview with RedTeam covering the subjects IT security in research and teaching as well as the experience of our daily work. There is an accompanying article in German available under the title “Hacken lernen in Aachen” (“learning to hack in Aix-la-Chapelle”).
- 08/31/2006 -
The slides from the presentation at the
OpenChaos can now be found under publications.
- 08/29/2006 -
The news article
“Studieren in der Grauzone” is linked under press.
Die Zeit reports on the world's best hackers from Aachen.
- 08/24/2006 -
The
Chaos Computer Club Cologne e.V. (C4)
invited RedTeam to give a talk within their
OpenChaos events.
The talk with the topic
“Hacking for Security - Penetrationtests” will take place on Thursday, August 31st, 08:00 pm local time on the
premises of the C4 and is open for everyone. The talk will be held in German.
- 07/20/2006 -
Vulnerable regular expression in planetGallery discovered.
rt-sa-2006-006: Remote command injection
- 06/15/2006 -
Two new security advisories regarding phpBannerExchange released. Especially interesting is the circumvention of the eregi() input checking using a null byte in rt-sa-2006-005, which is possible because of a design flaw in PHP.
rt-sa-2006-004: Authentication bypass in phpBannerExchange
rt-sa-2006-005: Unauthorized password recovery in phpBannerExchange
- 05/22/2006 -
Podcast Clients: Two new advisories released:
Prodder Remote Arbitrary Command Execution &
Perlpodder Remote Arbitrary Command Execution
- 04/20/2006 -
Added more information about PenTests
- 04/13/2006 -
New advisory released: PAJAX Remote Code Injection and File Inclusion Vulnerability
- 02/22/2006 -
In cooperation with the
Center for Computing and Communication of RWTH Aachen University, RedTeam will repeat the talk about penetration tests on March 6th at 02:00 pm because of the great demand. The event titled “Hacking for your Security - Penetrationtesting - reloaded” will be in German again and the registration has just
started.