RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT security experts. Hereby, security weaknesses in IT systems (e.g. networks, applications or devices) are uncovered and can be remedied.
As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security related areas. The results so far are public security advisories which gained national and international attention.
In contrast to many other companies, RedTeam Pentesting specialises in pentests. A detailed description of pentests can be found on the pentest pages, frequently asked questions are answered in the FAQ section.
If there are any further questions, do not hesitate to contact us via email, fax or phone.
To stay up to date with news from RedTeam Pentesting you can subscribe to the following RSS feed.
- Alexander Neumann held the talk „Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt” at the event “Studierende treffen Alumni und Unternehmensexpert:innen” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications. -
- We've published a blog post about a vulnerability we've discovered in Bitwarden at the beginning of 2023. It allowed accessing data from the vault without the password in certain circumstances. -
- RedTeam Pentesting has two new members: Severin Schüller and Vincent Drury reinforce the team as new penetration testers. -
- RedTeam Pentesting has a new member: Frederic Gorski reinforces the team as a new penetration tester. -
- Our new blog post gives an overview of exploiting vulnerabilities in Ghostscript. -
- New advisory released: D-Link DAP-X1860: Remote Command Injection . -
- On 2 October 2023 Jens Liebchen held the talk “Gezielter Ausnahmezustand – Penetrationstests” as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswerk. The German language slides are available for download under Publications. -
- New advisory released: Session Token Enumeration in RWS WorldServer. -
- A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail. -
- In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX. -
- New advisory released: STARFACE: Authentication with Password Hash Possible. -
- Several advisories for vulnerabilities in the open-source software Pydio Cells released: Unauthorised Role Assignments, Cross-Site Scripting via File Download, Server-Side Request Forgery. -
- Today we released our newly developed program resocks. The accompanying blog post covers its usage and technical details. -
- Our new blog post describes the approach to integrate our new printer in our office infrastructure aiming to meet our specified security requirements. -
- Jens Liebchen held the talk “Physical Security – Wenn Türen zu Firewalls werden” on 7 February 2023 at the Chair for IT Security Infrastructures of the Friedrich-Alexander-Universität Erlangen-Nürnberg. The German language slides are available for download under Publications. -