Updates and News
04/04/2024
As of today, RedTeam Pentesting’s website is available in a new design. Your feedback is welcome.
02/04/2024
RedTeam Pentesting has a new member: Tobias Ferring reinforces the team as a new penetration tester.
17/01/2024
Alexander Neumann held the talk „Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt” at the event “Studierende treffen Alumni und Unternehmensexpert:innen” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.
03/01/2024
We’ve published a blog post about a vulnerability we’ve discovered in Bitwarden at the beginning of 2023. It allowed accessing data from the vault without the password in certain circumstances.
07/11/2023
RedTeam Pentesting has two new members: Severin Schüller and Vincent Drury reinforce the team as new penetration testers.
11/10/2023
RedTeam Pentesting has a new member: Frederic Gorski reinforces the team as a new penetration tester.
11/10/2023
Our new blog post gives an overview of exploiting vulnerabilities in Ghostscript.
09/10/2023
New advisory released: D-Link DAP-X1860: Remote Command Injection .
04/10/2023
On 2 October 2023 Jens Liebchen held the talk “Gezielter Ausnahmezustand – Penetrationstests” as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswerk. The German language slides are available for download under Publications.
19/07/2023
New advisory released: Session Token Enumeration in RWS WorldServer.
12/07/2023
A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail.
05/06/2023
In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX.
01/06/2023
New advisory released: STARFACE: Authentication with Password Hash Possible.
30/05/2023
Several advisories for vulnerabilities in the open-source software Pydio Cells released: Unauthorised Role Assignments, Cross-Site Scripting via File Download, Server-Side Request Forgery.
12/04/2023
Our new blog post describes the approach to integrate our new printer in our office infrastructure aiming to meet our specified security requirements.
10/02/2023
Jens Liebchen held the talk “Physical Security – Wenn Türen zu Firewalls werden” on 7 February 2023 at the Chair for IT Security Infrastructures of the Friedrich-Alexander-Universität Erlangen-Nürnberg. The German language slides are available for download under Publications.
26/01/2023
New advisory released: Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin.
18/01/2023
Alexander Neumann held the talk „Mitbringsel aus dem Alltag: Star Wars in der niedersächsischen Provinz” at the event “Studierende treffen Alumni und Unternehmensexperten” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.
04/11/2022
The German TV show WDR Lokalzeit Aachen reported about our work and our new office.
24/10/2022
New advisory released: Missing Authentication in ZKTeco ZEM/ZMM Web Interface.
13/07/2022
Our new blog post introduces and covers common use cases of pretender, a new name resolution sidekick for relaying attacks.
13/06/2022
RedTeam Pentesting has a new member: Roman Karwacik reinforces the team as a new penetration tester.
12/01/2022
New advisory released: Credential Disclosure in Web Interface of Crestron Device.
20/12/2021
Our new blog post describes our approach to discover a backdoor in the Auerswald COMpact 5500R PBX.
06/12/2021
Several advisories for Auerswald devices released: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass, Auerswald COMpact Privilege Escalation, Auerswald COMpact Arbitrary File Disclosure, Auerswald COMpact Multiple Backdoors.
14/10/2021
On 21 October 2021 Jens Liebchen will give the German language talk “IT-Sicherheit: Unterwegs zwischen zwei Welten” at 14:30 o’clock at the Technologiezentrum Aachen (powered by Techniker Krankenkasse). Register at konferenz@tza-aachen.de in order to participate. The 3G rule applies.
13/10/2021
New advisory released: Cross-Site Scripting in myfactory.FMS.
10/08/2021
New advisory released: XML External Entity Expansion in MobileTogether Server.
18/06/2021
On the German podcast Digital genial by proALPHA we talk about cyber crime and how companies can better protect themselves through penetration tests.
21/05/2021
Today we released our encryption solution for the reMarkable 2 ePaper tablet on GitHub. An additional blog post outlines our threat model and the development process.
04/05/2021
RedTeam Pentesting has a new member: Jan Kruse reinforces the team as a new penetration tester.
04/03/2021
Our new blog post discusses easy readable styling of program calls by using curl as an example.
22/02/2021
On 23 February 2021 Jens Liebchen will give the German language talk “(Un-)Sicherheit voraus” for the Rotary Club Aachen-Frankenburg.
25/01/2021
Keeping up the good tradition, Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 26 January 2021 in the context of the lecture “Angewandte IT-Sicherheit” at the Lehrstuhls für IT-Sicherheitsinfrastrukturen (Chair for IT Security Infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg in form of a video conference.
04/01/2021
RedTeam Pentesting has a new member: Peter Ott reinforces the team as a new penetration tester.
04/01/2021
Our third blog post deals with the exploitation of a PHP deserialization vulnerability, using the Yii PHP framework as an example.
02/12/2020
Our new blog post covers an introduction and common use cases for the tool monsoon which we developed.
02/11/2020
Today we released our new blog. The first post describes analysis and exploitation of a vulnerability in Apache Tomcat.
21/10/2020
New advisory released: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton.
19/10/2020
New advisory released: FRITZ!Box DNS Rebinding Protection Bypass.
08/10/2020
New advisory released: Denial of Service in D-Link DSR-250N.
02/09/2020
New advisory released: Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting.
26/08/2020
RedTeam Pentesting can now be found on GitHub. Today the HTTP enumerator monsoon has been released.
16/06/2020
RedTeam Pentesting is hiring new employees to reinforce our teams! Further information can be found on our new career website (German only).
11/03/2020
New advisory released: Credential Disclosure in WatchGuard Fireware AD Helper Component.
02/01/2020
Two new advisories released: IceWarp: Cross-Site Scripting in Notes for Contacts and IceWarp: Cross-Site Scripting in Notes.
02/01/2020
RedTeam Pentesting has a new member: Lucas Vater reinforces the team as a new penetration tester.
28/10/2019
Two new advisories released: Unsafe Storage of Credentials in Carel pCOWeb HVAC and Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC.
28/10/2019
Keeping up the good tradition, Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 31 October 2019 in the context of the lecture “Angewandte IT-Sicherheit” at the Lehrstuhls für IT-Sicherheitsinfrastrukturen (Chair for IT Security Infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg. Following the talk there will be a practical introduction to lock picking.
02/07/2019
On 5 July 2019 Jonas Lieb will give a talk about pentesting at the III. Physikalisches Institut B of the RWTH Aachen University in the context of the event Freitagsseminar.
01/07/2019
New advisory released: Information Disclosure in REDDOXX Appliance.
19/06/2019
On 24 June 2019 Jonas Lieb will give the German language talk “Pentesting in der Praxis” at the practical Hacker training in the context of the bachelor of computer science at the Bonn-Rhein-Sieg University of Applied Sciences in Sankt Augustin.
17/05/2019
RedTeam Pentesting has a new member: Merlin Marek reinforces the team as a new penetration tester.
17/05/2019
New advisory released: Directory Traversal in Cisco Expressway Gateway.
27/03/2019
Three new advisories concerning improperly fixed vulnerabilities in Cisco RV320 Dual Gigabit WAN VPN Routers released: Unauthenticated Configuration Export, Unauthenticated Diagnostic Data Retrieval and Command Injection.
26/03/2019
New advisory released: Code Execution via Insecure Shell Function getopt_simple.
23/01/2019
Three new advisories for Cisco RV320 Dual Gigabit WAN VPN Router released: Unauthenticated Configuration Export, Unauthenticated Diagnostic Data Retrieval and Command Injection.
02/01/2019
RedTeam Pentesting has a new member: Erik Geiser reinforces the team as a new penetration tester.
28/11/2018
On 4 December 2018 Alexander Neumann will give the German language talk “Sicherer Umgang mit Daten auf SSDs” at the IT-Sicherheitstag NRW by the IHK NRW. The German language slides are available for download under Publications.
25/10/2018
Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 30 October 2018 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (Chair for IT Security Infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg . Following the talk there will be a practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.
23/10/2018
On 25 October 2018 Alexander Neumann will give the German language talk “Sicheres Löschen von Daten auf SSDs” at the practical Hacker training in the context of the bachelor of computer science at the Bonn-Rhein-Sieg University of Applied Sciences in Sankt Augustin.
05/10/2018
Jens Liebchen was interviewed for the article „In fremder Hand” by the IHK Aachen.
25/09/2018
At the event “Mit Sicherheit! - Offener Austausch und Diskussion mit IT-Sicherheitsexperten” by the IHK Aachen on 11 October 2018 Jens Liebchen will answer your questions about IT security. Participation is free after registration.
13/08/2018
The weekend of 25 August - 26 August 2018, RedTeam Pentesting will again be present with a booth as a gold sponsor at FrOSCon in Bonn/St. Augustin. RedTeam Pentesting is always looking for new employees, we are happy to talk to you in person!
23/05/2018
On 23 May 2018 Alexander Neumann will give the German language talk “Sicheres Löschen von Daten auf SSDs” at the 8. IT-Forensik Workshop at the FH Aachen
09/04/2018
Two new advisories released: CyberArk Password Vault Memory Disclosure, CyberArk Password Vault Web Access Remote Code Execution.
13/03/2018
New advisory released: Shopware Cart Accessible by Third-Party Websites.
08/03/2018
New security advisory released: rt-sa-2018-001: Arbitrary Redirect in Tuleap.
01/03/2018
RedTeam Pentesting has a new member: Jonas Lieb reinforces the team as a new penetration tester.
13/02/2018
RedTeam Pentesting has a new member: Yvonne Breuer reinforces the team as a new penetration tester.
15/01/2018
New security advisory released: rt-sa-2017-013: Truncation of SAML Attributes in Shibboleth 2.
15/11/2017
On 16 November 2017 Alexander Neumann will give the German language talk “Sicheres Löschen von Daten auf SSDs” at the 41. DAFTA in Cologne
03/11/2017
New security advisory released: rt-sa-2016-008: XML External Entity Expansion in Ladon Webservice.
26/10/2017
Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 26 October 2017 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg . Following the talk there will be practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.
17/10/2017
RedTeam Pentesting has a new member: Daniel Küppers reinforces the team as a new penetration tester.
22/08/2017
Four new advisories for WebClientPrint Processor 2.0 released: Remote Code Execution via Print Jobs, Remote Code Execution via Updates, Unauthorised Proxy Modification and No Validation of TLS Certificates.
17/08/2017
As gold sponsor RedTeam Pentesting has a booth at FrOSCon in Bonn/St. Augustin next weekend (19 August - 20 August 2017). Alexander Neumann will give the presentation “Sicheres Löschen von Daten auf SSDs” (German) at 10:00 am on Saturday in room HS1.
27/07/2017
New advisory released: Cross-Site Scripting in TYPO3 Formhandler Extension.
24/07/2017
New advisories for multiple critical vulnerabilities in REDDOXX Suite released: Cross-Site Scripting, Unauthenticated Arbitrary File Disclosure, Unauthenticated Extraction of Session-IDs, Arbitrary File Disclosure with root Privileges via RdxEngine-API, Undocumented Administrative Service Account, Unauthenticated Access to Diagnostic Functions and Remote Command Execution as root.
05/07/2017
New advisory released: Remote Command Execution in PDNS Manager.
17/05/2017
On 19 May 2017, RedTeam Pentesting presents itself at the “ITS.Connect 2017” in Bochum and shares insights into the day-to-day work of a penetration tester.
24/04/2017
RedTeam Pentesting is nominated for the AC² Regional Innovation Award 2017. The winner will be announced on June 1st in the coronation chamber of Aachen City Hall.
11/04/2017
Till Maas writes in the article “Aus der Praxis: Wie man einen Multifunktionsdrucker absichert” on the German website Heise Business Services about experiences with securing a multi-function printer.
06/04/2017
Patrick Hof represents RedTeam Pentesting at the G20 Multi Stakeholder Conference „Digitalisation: Policies for a Digital Future”.
09/03/2017
NRW.INVEST presents RedTeam Pentesting’s company profile in the magazine “Movers & Shakers in NRW” as one of the leading companies in their business.
24/02/2017
RedTeam Pentesting is excited to support the FrOSCon in Bonn/St. Augustin this year as gold sponsor. See you there!
30/01/2017
Follow RedTeam Pentesting on Twitter to get the latest updates about RedTeam and the IT-security world!
23/12/2016
New advisory released: Padding Oracle in Apache mod_session_crypto.
16/12/2016
On 19 December 2016, Patrick Hof will give a guest lecture with the title “Operating Systems Security And Why It (Mostly) Doesn’t Matter” in the module Operating Systems Security at Radboud Universiteit Nijmegen.
24/11/2016
New advisory released: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler.
17/11/2016
On 11/07/16, the german TV station WDR showed in its Servicezeit program a report with RedTeam Pentesting about a vulnerability in the AVM FRITZ!Box firmware which allowed attackers to initiate phone calls on behalf of the owner of the FRITZ!Box.
24/10/2016
Jens Liebchen will give the talk “Alles wird gut? Über Menschen, Angreifer & die Zukunft” (Everything will be fine? About humans, attackers and the future) on 2 November 2016 at the Leetcon.
24/10/2016
Alexander Neumann will give the talk “Daten löschen, aber richtig - über die Besonderheiten von SSDs” (Deleting data the right way - about the specialities of SSDs) on 2 November 2016 at the Leetcon.
17/10/2016
Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 20 October 2016 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg . Following the talk there will be practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.
10/10/2016
The Handelsblatt reports in the article “Der Hacker als Helfer” about RedTeam Pentesting.
31/05/2016
Three new advisories released: XML External Entity Expansion in Paessler PRTG Network Monitor, Websockify: Remote Code Execution via Buffer Overflow and Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution.
11/05/2016
The slides of the talk “Penetration Tester – Click Monkey or Creative Hacker?”, held by Sebastian Chrobak at the Security Lab 2016 of the Research Group IT-Security of the RWTH Aachen University, are now available in the publications section.
26/04/2016
The slides of the talk “Was Dein ist, ist Mein – Datensicherheit aus der Angreiferperspektive”, held by Jens Liebchen on the occasion of the World Intellectual Property Day at the TZ Aachen, are now available in the publications section.
25/04/2016
Today, the article “Immer auf der Suche nach Schwachstellen” about RedTeam Pentesting’s work was published in Aachener Zeitung (Issue 25. April 2015, Page 6). It is also available online (AZ).
24/03/2016
The state of North Rhine-Westphalia has awarded RedTeam Pentesting for its outstanding performance as a “worldwide market leader specialized in penetration testing” as part of the campaign GERMANY AT ITS BEST. A certificate issued by the state’s ministry for economic affairs is available for download.
22/03/2016
New security advisory released: Cross-site Scripting in Securimage 3.6.22
15/02/2016
At 2 p.m. on 17 February 2016, Jens Liebchen will be part of an expert panel in the (German language) live webcast “Sind Ihre Drucker ausreichend gegen Angriffe geschützt?” of heise Business Services. The panel will discuss the role that printers and multi-function peripherals play for the IT security of businesses. Participants are required to register prior to the event.
26/01/2016
On 6 February, Till Maas will give the talk “Let’s Encrypt with Best Practices” at the DevConf.cz conference in Brno, Czech Republic.
08/01/2016
New security advisory released: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
07/01/2016
Two new security advisories released: AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images and AVM FRITZ!Box: Remote Code Execution via Buffer Overflow
04/01/2016
RedTeam Pentesting has a new member: Philip Huppert reinforces the team as a new penetration tester.
22/12/2015
New security advisory released: rt-sa-2015-013: Symfony PHP Framework: Session Fixation In “Remember Me” Login Functionality
16/12/2015
On 21 December, Sebastian Chrobak and Jens Liebchen will give a talk about physical security and host a subsequent discussion concerning IT security in practice. The talk and discussion will take place in context of the lecture IT Security 1 of the Research Group IT-Security at the RWTH Aachen University.
30/11/2015
Todays issue 231 of the German Handelsblatt contains the article “Wo ist die Schwachstelle?” that quotes Jens Liebchen, CEO of RedTeam Pentesting GmbH.
06/11/2015
RedTeam Pentesting has a new member: David Brown reinforces the team as a new penetration tester.
08/10/2015
New security advisory released: rt-sa-2015-006: Buffalo LinkStation Authentication Bypass
18/08/2015
The slides from the talk “Security Threats at Conferences”, held at the Flock 2015 conference in Rochester, NY, USA are now available in the publications section.
06/08/2015
We are happy to be able to support the city of Aachen’s campaign “Wussten Sie schon, dass…” in promoting the Technology Region Aachen. Our contribution can be found on the website of the city of Aachen, or on our own website as a PDF document or as an image file.
27/07/2015
On 12 August, Till Maas will give the talk “Security Threats at Conferences” at the Fedora Contributor Conference in Rochester, NY, USA.
15/06/2015
New security advisory released: rt-sa-2015-002: SQL Injection in TYPO3 Extension Akronymmanager
10/06/2015
Two new security advisories released: rt-sa-2015-003: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID and rt-sa-2015-004: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
08/06/2015
On 18 June, Hanno Heinrichs will give the (German language) talk “Your Home is my Castle” at the Cryptoparty organised by the Fachschaft Mathematik/Physik/Informatik of RWTH Aachen University.
08/06/2015
On 8 July RedTeam Pentesting will present itself at the bonding CyberDay 2015 in Aachen. Jens Liebchen will also give the (German language) talk “Beruf: Hacker” which will give an insight into the work as a penetration tester.
26/05/2015
The Audit Challenge conference for audit methodology will take place in Frankfurt from 8 until 12 June. Thursday the 11th will host presentations and discussions on the topic of fraud investigation and prevention. RedTeam Pentesting will give a presentation and will take part in a panel discussion on prevention measures relevant to Industry 4.0.
10/03/2015
On 18 March, Patrick Hof will give the (German language) talk „Achtung, Unfall voraus…?” on IT security in public transport companies at the itcs seminar of the year 2015 „Innovationen rund um die Echtzeit” by the VDV.
18/02/2015
New security advisory released: rt-sa-2014-016: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite
10/02/2015
New security advisory released: rt-sa-2014-013: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
10/02/2015
On 25 February 2015, Jens Liebchen will be at the 22. DFN-Konferenz “Sicherheit in vernetzten Systemen” in Hamburg, discussing success factors for good penetration tests based on his practical experience as a penetration tester. The language of the talk will be German.
21/01/2015
New security advisory released: rt-sa-2014-010: AVM FRITZ!Box Firmware Signature Bypass
12/01/2015
New security advisory released: rt-sa-2014-015: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
03/12/2014
The (German) slides from the talk “Angriff zur Verteidigung – Erfolgsfaktoren für gute Penetrationstests”, held at the IT-Sicherheitstag NRW in Hagen are now available in the publications section.
01/12/2014
New security advisory released: rt-sa-2014-012: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
The vulnerability enables attackers to fully compromise the application servers that host the mobile device management components and therefore most likely also all devices managed through the solution.
01/12/2014
Three new security advisories released: rt-sa-2014-007: Remote Code Execution in TYPO3 Extension ke_dompdf, rt-sa-2014-009: Information Disclosure in TYPO3 Extension ke_questionnaire and rt-sa-2014-011: EntryPass N5200 Credentials Disclosure
07/10/2014
On 10 December 2014 Patrick Hof will give a live interview at the 2. SZ-Fachkonferenz: Versicherung und Internet on the topic “Hackerangriffe – wie die Profis vorgehen: Wo liegen die größten Sicherheitslücken?”. The language of the interview will be German.
07/10/2014
On 3 December 2014 Jens Liebchen will give a talk at the IT-Sicherheitstag NRW on the topic “Angriff zur Verteidigung - Erfolgsfaktoren für gute Penetrationstests”. The language of the talk will be German.
06/10/2014
RedTeam Pentesting has a new member: Hanno Heinrichs reinforces the team as a new penetration tester.
26/06/2014
New security advisory released: rt-sa-2014-008: Python CGIHTTPServer File Disclosure and Potential Code Execution
25/06/2014
Two new security advisories released: rt-sa-2013-002: Endeca Latitude Cross-Site Request Forgery and rt-sa-2013-003: Endeca Latitude Cross-Site Scripting
05/06/2014
New security advisory released: rt-sa-2014-006: Directory Traversal in DevExpress ASP.NET File Manager
28/05/2014
Two security advisories released: rt-sa-2014-004: Remote Command Execution in webEdition CMS Installer Script and rt-sa-2014-005: SQL Injection in webEdition CMS File Browser
27/05/2014
On 17 June 2014 Jens Liebchen will give the talk “Multifunktionsdruckgeräte und IT-Sicherheit: Ein Erfahrungsbericht” at the VDE Regio Aachen course of lectures on IT security. The talk will be held in the lecture room FT of the RWTH Aachen (Melatener Str. 23-25, 52074 Aachen). There is no entrace fee and visitors are explicitly welcome. The language of the talk will be German.
13/05/2014
The new category testmonials contains anonymised customer statements about RedTeam Pentesting’s services. The testimonials displayed are rotated on a regular basis, to provide a comprehensive picture.
08/05/2014
Security advisory released: rt-sa-2014-003: Metadata Information Disclosure in OrbiTeam BSCW
05/05/2014
RedTeam Pentesting has a new member: Sebastian Neumann reinforces the team as a new penetration tester.
27/03/2014
Security advisory released: rt-sa-2014-002: rexx Recruitment Cross-Site Scripting in User Registration
25/02/2014
Security advisory released: rt-sa-2014-001: McAfee ePolicy Orchestrator XML External Entity Expansion in Dashboard
13/01/2014
On 16 January, Patrick Hof will give the (German language) talk “IT-Sicherheit und Kryptographie in der Praxis” at the Cryptoparty organised by the Fachschaft Mathematik/Physik/Informatik of RWTH Aachen University.
24/10/2013
On invitation by the GDD Jens Liebchen will give a talk titled “Jailbreaking Your MFP for more Security - MFPs, sensible Druckdaten und IT-Sicherheit: Ein Erfahrungsbericht” at the 37. Datenschutzfachtagung (DAFTA) held in Cologne from 14 to 15 November 2013.
24/10/2013
On 29 November 2013 Jens Liebchen will give the talk “Jailbreaking Your MFP for more Security - MFPs, sensible Druckdaten und IT-Sicherheit: Ein Erfahrungsbericht” at the computing centre of the RWTH Aachen University. The talk will take place in the lecture room of the Rechenzentrum from noon to 2pm. External visitors are explicitly welcome. After the talk there will be room for an interactive session and open discussion. The language of the talk will be German.
10/10/2013
Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 25 October 2013 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg . Following the talk there will be practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.
09/09/2013
RedTeam Pentesting is happy to sponsor the capture the flag contest “rwthCTF 2013” of RWTH Aachen University’s Research Group IT Security. The CTF starts on 9 November at 2pm (CET) and ends on 10 November at 2am.
19/07/2013
By 31 July 2013, Claus R. F. Overbeck will leave RedTeam Pentesting GmbH. This step was meticulously prepared over the last six months. With the familiar executives Patrick Hof and Jens Liebchen, RedTeam Pentesting GmbH’s team will continue to offer penetration tests in the established high quality.
01/07/2013
RedTeam Pentesting has a new member: Lukas Kupczyk reinforces the team as a new penetration tester.
16/05/2013
On 25 May 2013, Jens Liebchen will give the talk “Jailbreaking Your MFP for More Security” at the LinuxTag 2013 in Berlin. The talk was already given with much success at the 20. DFN Workshop in February.
03/05/2013
New advisory released: rt-sa-2013-001: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution.
01/03/2013
The German magazine “Wirtschaftliche Nachrichten” of the IHK Aachen reports in the article “Angriff auf Abruf” about the work as penetration tester at RedTeam Pentesting.
20/02/2013
The (German) slides for the talk “Jailbreaking Your MFP for More Security” given by Jens Liebchen at the 20. DFN-Workshop “Sicherheit in vernetzten Systemen” are available in the publications section.
22/01/2013
Today Stella Peters of eldoradio* (a German radio station) interviewed Jens Liebchen about penetration tests and job trainings for penetration testers. The German interview will be aired on 01/23/2013 and will be available as a podcast afterwards.
08/01/2013
RedTeam Pentesting has a new member: Benjamin Grap reinforces the team as a new penetration tester.
08/01/2013
On 20 February 2013, Jens Liebchen of RedTeam Pentesting will hold the talk “Jailbreaking Your MFP for More Security” at the 20. DFN-Workshop “Sicherheit in vernetzten Systemen” in Hamburg. The talk will cover the pitfalls of purchasing and operating MFPs (multi-function printer) in sensitive environments and will highlight some creative ways of avoiding or remedying them.
07/11/2012
RedTeam Pentesting is happy to sponsor the capture the flag contest “rwthCTF 2012” of RWTH Aachen University’s Research Group IT Security. The CTF starts on 30 November at 2pm (CET) and ends on 1 December at 2am.
18/10/2012
Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 30 October 2012 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg . RedTeam Pentesting is glad to be able to again support the University with a presentation and practical expertise.
10/10/2012
Patrick Hof was interviewed by the Deutsche Welle for their online article “Cyber attacks turn into a business model” about distributed denial of service (DDoS) attacks against banking IT.
03/09/2012
Open positions for penetration testers! More information in the new career section.
21/06/2012
The (German) slides for the talk “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen” given by Patrick Hof at the ESMT Management Update 2012 are available in the publications section.
02/05/2012
New advisory released: rt-sa-2012-002: php-decoda: Cross-Site Scripting in Video Tags.
26/04/2012
The (German) slides for the talk “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen” given at IHK Aachen are available in the publication section.
05/04/2012
On 25 April 2012 Jens Liebchen will hold a lecture at the Technologieforum IT & Telekommunikation ”Datensicherheit – Wie schütze ich mein Unternehmen” at the IHK Aachen with the topic ”Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen”. Attendance is free, but registration at IHK Aachen is required. The lecture will be held in German.
31/03/2012
Jens Liebchen gave an interview to the German online magazine “All About SECURITY” about the topic “Welche Argumente lassen sich für die Begründung eines Pentests heranziehen?” (good reasons for penetration tests).
29/02/2012
The slides and paper for the talk “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten” given by Alexander Neumann on Februar 22nd, 2012 at the 19. DFN-Workshop “Sicherheit in vernetzten Systemen” can be found in the publications section.
13/02/2012
On 22 February 2012, Alexander Neumann will give the talk “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten” about the risks of using URL shortening services at the 19th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the second workshop day, 9:30am.
03/01/2012
New advisory released: rt-sa-2012-001: Bugzilla: Cross-Site Scripting in Chart Generator.
15/12/2011
Two new advisories released: rt-sa-2011-005: Owl Intranet Engine: Authentication Bypass and rt-sa-2011-006: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes.
30/11/2011
Jens Liebchen was interviewed by the radio station DRadio Wissen for the news item “Bundesweiter Penetrationstest” about the German crisis management exercise LÜKEX (Länder Übergreifende Krisenmanagement-Übung) 2011.
24/11/2011
Claus Overbeck was interviewed by the German magazine Wirtschaftswoche for the article “Lautlose Attacken aus dem Netz”.
26/10/2011
Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 8 November 2011 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg and 5 Dezember 2011 at the Fachhochschule Aachen in the course Informationssicherheit (information security). RedTeam Pentesting is glad to be able to again support Universities with a presentation and practical expertise.
04/10/2011
RedTeam Pentesting has a new member: Matthias Lederhofer reinforces the team as a new penetration tester.
28/09/2011
The fluter Magazine of the German Federal Agency for Civic Education cites Patrick Hof on the topic of penetration tests in the article “Krieg oder Cyberprotest”.
23/09/2011
Issue 05/2011 of ADMIN Magazine will include the english translation of an article about physical security written by RedTeam Pentesting, that was already published in the German edition. Release dates are October 7 for the EU, November 11 for the US and December 12 for the australian edition.
14/09/2011
Jens Liebchen answers questions about online banking security today at 6:20pm for the German TV show WDR Servicezeit.
13/09/2011
RedTeam Pentesting is using a new telephone number. From now on you can reach RedTeam Pentesting via phone at +49 241 510081-0 or via fax at +49 241 510081-99. We are looking forward to your call!
26/07/2011
On August 5 2011 at 2:00pm, Alexander Neumann will give a talk about “Exploiting Padding Oracles in Practice” at the IT Security Research Group (in the seminar room) of RWTH Aachen University. Everybody is welcome to join the free talk, though cryptographic knowledge is needed. The talk will be given in German.
13/07/2011
In the current edition of the German magazine ADMIN-Magazin an article about physical security written by RedTeam Pentesting was published.
05/07/2011
Patrick Hof talks about risks of online banking today at 5:30pm in Das Sat.1 Magazin.
14/06/2011
On July 1st, Patrick Hof will hold the workshop “Aktuelle Fälle von Datendiebstahl und wie sie grundsätzlich funktionieren - Hintergrundwissen für Journalisten” at the Netzwerk Recherche’s Jahreskonferenz 2011 in Hamburg.
08/06/2011
Jens Liebchen comments on new security measures for online banking for the German TV station n-tv. The interview will be aired on June 10, 2011.
17/05/2011
On May 26 2011, Alexander Neumann will give a talk about “Security and Privacy Implications of URL Shortening Services” at the IEEE Symposium on Security and Privacy in the workshop part Web 2.0 Security and Privacy 2011 (W2SP) in Oakland, California.
04/05/2011
Two new advisories released: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances, Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface.
19/04/2011
RedTeam Pentesting demonstrates for the German TV show MDR Umschau how easy unauthorised persons can break into hotel rooms.
18/04/2011
Claus Overbeck of RedTeam Pentesting talked about penetration testing in the interview “Wir brechen tagtäglich ein” with the German WirtschaftsWoche.
31/03/2011
RedTeam Pentesting has a new member: Angel Tchorbadjiiski reinforces the team as a new penetration tester.
15/03/2011
Two new advisories released: nostromo nhttpd directory traversal leading to arbitrary command execution, SugarCRM list privilege restriction bypass.
26/02/2011
Jens Liebchen of RedTeam Pentesting was interviewed for the German article “Das Handy als Autoschlüssel oder Kreditkarte” by the WDR and talks about near field communication.
21/02/2011
Jens Liebchen of RedTeam Pentesting was interviewed for the German article “Banken schaffen TAN-Listen ab” by the WDR and talks about new and old risks of online banking.
18/02/2011
Jens Liebchen held the talk “Physical Security - Wenn Türen zu Firewalls werden” at the 18th DFN Workshop. The slides from the talk can be found in the publications section.
09/02/2011
A video of Claus Overbeck’s talk about “Ten Commandments of IT-Security for WEB 2.0 Startups” is now available at the HackFwd Blog and on Vimeo.
26/01/2011
On February 10th, RedTeam Pentesting will give the talk “Physical Security - Wenn Türen zu Firewalls werden” about physical security and its relation to IT security at the 18th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the second workshop day, 10:00am.
10/12/2010
Claus Overbeck held a talk about “Ten Commandments of IT-Security for WEB 2.0 Startups” at the HackFwd Build 0.4. The slides from the talk can be found in the publications section.
12/11/2010
Jens Liebchen of RedTeam Pentesting was interviewed for the report “Gefahr durch Industriespionage” of the WDR programme WESTPOL. It will be part of the show broadcast on November 14, 2010, at 7:30pm.
22/09/2010
On September 2010, RedTeam Pentesting will give the lightning talk “Forgotten JBoss AS exploitation techniques” at the BruCON security conference in Brussels.
20/08/2010
On August 31, 2010 RedTeam Pentesting will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” at the event Praktische IT-Sicherheit, Hochschule Bonn-Rhein-Sieg.
12/07/2010
The slides plus link collection for the workshop “Un(der)cover - Von der Online-Recherche hin zur gezielten Generierung neuer Informationsflüsse”, held at the Netzwerk Recherche’s annual conference 2010 in Hamburg, are now available under Publications.
06/07/2010
On July 9th, RedTeam Pentesting will hold the workshop “Un(der)cover - Von der Online-Recherche hin zur gezielten Generierung neuer Informationsflüsse” at the Netzwerk Recherche’s Jahreskonferenz 2010 in Hamburg.
18/06/2010
RedTeam Pentesting will be present at the Informatica 2010 in Aachen on June 25th, 2010. More information is available in Regina e.V.’s program schedule (German).
15/06/2010
As of now, a new information page about JBoss Security is available. It also contains the new whitepaper “JBoss AS - Deploying WARs with the DeploymentFileRepository MBean” and scripts for download.
30/04/2010
Video of the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now?”(German), held at Ruhr-Universität Bochum, is now available online.
13/04/2010
On April 21, 2010 RedTeam Pentesting GmbH will present the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” (in German) at the Bachelor-Vertiefungspraktikum zur Hackertechnik of the Chair for Network and Data Security, Ruhr-Universität Bochum.
12/04/2010
The slides from the talk “Peeking into Pandora’s Bochs - Instrumenting a Full System Emulator to Analyse Malicious Software”, held at the Hackito Ergo Sum 2010 security conference, are now online.
07/04/2010
RedTeam Pentesting GmbH will be presenting the talk “Peeking into Pandora’s Bochs - instrumenting a full system emulator to analyse malicious software” at the Hackito Ergo Sum IT security conference in Paris (April 08th-10th 2010).
05/02/2010
On February 9th, RedTeam Pentesting will give the talk “Emulationsbasiertes Entpacken von laufzeitgepackten Schadprogrammen und darüber hinaus” about emulation based unpacking of runtime packed malware at the 17th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the first workshop day, 4:15pm.
27/01/2010
Three new advisories released: Security vulnerabilities in the Geo++(R) GNCASTER NTRIP Caster.
21/12/2009
Proof of Concept Code for the TLS Renegotiation Vulnerability published.
01/12/2009
The Whitepaper of the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” is now available also available in English at the Publications page.
24/11/2009
The paper “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System” is now also available in English.
23/11/2009
German press release “Online-Banking: Erfolgreicher Angriff gegen chipTAN comfort-Verfahren” (German) and paper “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System” published.
20/11/2009
RedTeam Pentesting examined the online banking systems iTAN and chipTAN comfort and devised attacks against them for the German TV magazine Planetopia on SAT1. The results will be shown on November 22nd, 2009 at 10:45pm. Full details about all attacks will be published on Monday, November 23rd, 2009 under Publications.
[Update] The video “Vorsicht beim Online-Banking – Wie unsicher ist die neue chipTAN?” can now be watched on the Planetopia website.
[Update] The video is not available anymore.
02/11/2009
RTL Télé Lëtzebuerg published a short report about hack.lu 2009, including a part about RedTeam Pentesting GmbH.
02/11/2009
The (German) article “Ubiquitous Security – ganz gewöhnliche Angriffsvektoren”, published by SearchSecurity.de is now listed in the “press” section. The article contains commentary by Jens Liebchen of RedTeam Pentesting GmbH.
02/11/2009
The slides from the talk “Peeking into Pandora’s Bochs - Instrumenting a Full System Emulator to Analyse Malicious Software”, held at the hack.lu 2009 security conference, are now online.
30/10/2009
While attending the hack.lu security conference in Luxembourg, RTL Télé Lëtzebuerg did a short interview with RedTeam Pentesting. It is scheduled to be shown during today’s evening news “De Journal” at 19:30. You can watch it at the RTL Livestream.
23/10/2009
RedTeam Pentesting GmbH will be presenting the talk “Peeking into Pandora’s Bochs - instrumenting a full system emulator to analyse malicious software” at the hack.lu IT security conference in Luxembourg (October 28th-30th 2009).
28/07/2009
RedTeam Pentesting will present the talk „Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” at FrOSCon. FrOSCon is a two-day conference about Free Software and Open Source. .
03/06/2009
The Whitepaper of the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” is now available at the Publications page. It contains detailed descriptions of the attacks presented in the talk.
02/06/2009
On June 17th 2009, RedTeam Pentesting will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” (German) at the IHK Aachen. The event happens together with the Verfassungsschutz NRW and the Landesinitiative secure-it.nrw. The central theme of the talk will be examples from penetration tests and real cases of industrial espionage, which point out surprising risk factors.
14/05/2009
As of today, RedTeam Pentesting’s website is available in a new design. Following this update, the contents will also be expanded and updated over time.
05/05/2009
Four advisories concerning the IceWarp eMail Server released.
04/05/2009
On May 19th 2009, RedTeam Pentesting will give the talk „Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” at the Center for Computing and Communication of RWTH Aachen University. Because of the available time, all attacks can be demonstrated live. Participation is free for everyone interested, only a registration is required.
04/05/2009
On May 8th 2009, RedTeam Pentesting is represented with a booth at the 25th anniversary celebrations of the Technology Centre Aachen. Amongst other things, RedTeam Pentesting will show how to eavesdrop on DECT telephones. Visitors are encouraged to bring their own telephones, which will then be examined on-site.
06/04/2009
RedTeam Pentesting has a new member: Alexander Neumann reinforces the team as a new penetration tester.
06/04/2009
Euregio aktuell mentions RedTeam Pentesting in their article “Europäische Tagung in Aachen” (European conference in Aachen), which happened in the context of the EU project FIN-URB-ACT.
19/03/2009
The slides from the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” held at the 16th DFN-CERT Workshop in Hamburg are now online.
09/03/2009
The slides from the talk “Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen” held at the security day of the open source forum at the CeBIT are now online.
05/03/2009
The slides from the talk “Practical Security and Crypto: Why Mallory Sometimes Doesn’t Care” held at the EiPSI seminar at the TU Eindhoven are now online.
27/02/2009
On March 04, 2009 RedTeam Pentesting will give a talk at the EiPSI Seminar of the Eindhoven University of Technology with the title “Practical Security and Crypto: Why Mallory Sometimes Doesn’t Care”.
27/02/2009
On March 06, 2009 RedTeam Pentesting will give a talk at the CeBIT with the title “Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen” (in German) at the Open Source forum’s security day. The German Linux Magazine will also do a live streaming of the event.
09/02/2009
On 17th/18th February 2009, RedTeam is attending the IT Security Gipfel 16 in Berlin.
26/01/2009
The slides from the talk “IT-Security in Theorie und Praxis” at the IHK Arnsberg are now online.
16/01/2009
On January the 22th 2009, RedTeam Pentesting will give the talk “IT-Security in Theorie und Praxis” at the IHK Arnsberg.
05/01/2009
On March 17th, RedTeam Pentesting will give the talk “Bridging the Gap between the Enterprise and You” about vulnerabilities in JBoss AS installations at the 16th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the first workshop day, after the keynote.
02/01/2009
The Gründerregion Aachen interviewed RedTeam Pentesting about the risks of Web 2.0 technologies for issue 3/2008 of their news journal “Gründerzeitung”.
20/10/2008
RedTeam Pentesting is taking part in the IT Security Gipfel 15 in Berlin.
20/10/2008
RedTeam Pentesting will give a talk titled “Bridging the Gap between the Enterprise and You” at the security conference hack.lu 2008 on 23rd October. The talk covers typical vulnerabilities of JBoss installations and their exploitation.
09/10/2008
RedTeam Pentesting has grown substantially and moved to new premises within the Aachen Technology Centre. Telephone and Fax numbers remain the same.
19/09/2008
On September 24, RedTeam Pentesting will give a (German language) talk titled “IT-Security in Theorie und Praxis - Über ‘harmlose’ Geräte und andere Denkfehler” at the event “Brennpunkt IT-Sicherheit: Risiken - Strategien - Konzepte“ at the Technologiezentrum am Europaplatz in Aachen.
13/06/2008
Stern.de published an article (German) about vulnerabilities, that RedTeam Pentesting demonstrated in cooperation with the Independent Centre for Privacy Protection Schleswig-Holstein (ULD).
02/06/2008
In collaboration with the Independent Centre for Privacy Protection Schleswig-Holstein (ULD), RedTeam Pentesting revealed on behalf of the german TV show ZDF Frontal21 security vulnerabilities in MFPs (Multi Function Peripherals). The show airs on June the 3rd, 9:00pm.
29/04/2008
The Slides of the talk “Penetration Testing - Praxis and Beyond” at the working group Security of the German speaking Bull User Society are now online.
04/04/2008
The slides from the talk “Iterative Kompromittierungsgraphverfeinerung als methodische Grundlage für Netzwerkpenetrationstests” at the Sicherheit 2008 security conference are now online.
02/04/2008
The slides from the talk “Ubiquitous IT Security - Warum die Firewall nicht schützen konnte” at the Sicherheit 2008 security conference are now online.
25/03/2008
On 03/26/08, the german TV station WDR shows in its Servicezeit Familie program a report with RedTeam Pentesting about the dangers of online banking.
19/03/2008
At the Sicherheit 2008 (2nd-4th of April 2008) conference we will be giving a talk about a graph-theoretic approach to estimating costs of penetration tests. As a sponsor of the conference we will also be present with a booth.
11/03/2008
Two advisories concerning MapBender released.
13/02/2008
The slides from the talk “Effiziente Beobachtung von Botnetzen” at the 15th DFN workshop “Sicherheit in vernetzten Systemen” are online.
21/01/2008
The german print magazine Focus Magazin publishes a cover story about online banking security in issue 04/2008. RedTeam Pentesting has given an interview.
14/01/2008
Claus Overbeck will give a talk about efficient observation of botnets at 15th DFN Workshop “Sicherheit in vernetzten Systemen”.
22/10/2007
The slides from the talk “Botspy - Efficient Observation of Botnets” at the hack.lu security conference are online.
28/09/2007
The slides for the workshop “Effektive Onlinerecherche im Internet” are online.
26/09/2007
RedTeam Pentesting will hold a workshop (in german) on 09/29/07 with the topic “Effektive Onlinerecherche im Internet” (effective online research in the Internet) at the “Zukunftskongress Ethik 2.0 - Schöne neue Online-Welt?” of the Journalistenverband Baden-Württemberg and the DJV-Bundesfachausschuss Online.
17/09/2007
Remote command execution in Alcatel-Lucent OmniPCX
30/07/2007
All About Security has published an (German) interview with RedTeam Pentesting.
13/07/2007
Four advisories concerning ActiveWeb Contentserver CMS released.
04/07/2007
Two new advisories:
rt-sa-2007-002: Fujitsu-Siemens ServerView Remote Command Execution
rt-sa-2007-003: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure
21/03/2007
The slides from the German talk at the IHK Aachen (Chamber of Industry and Commerce in Aachen) can be downloaded in the publications area.
07/03/2007
RedTeam Pentesting will support the event called IT-(Un-)Sicherheit - Augen zu und durch? Oder Penetrationtests durchführen lassen organized by the German Chamber of Industry and Commerce in Aachen at 03/21/07.
07/02/2007
The slides from the German talk “IT-Security aus dem Nähkästchen - oder - »Das kann mir nicht passieren…«” are available for download in the publications section.
01/02/2007
At February, the 7th - 8th, there will be a German it-security conference called “14. Workshop “Sicherheit in vernetzten Systemen” in Hamburg. RedTeam Pentesting will give a talk titled “IT-Security aus dem Nähkästchen - oder - Das kann mir nicht passieren…” there.
12/12/2006
New articel in German magazin “Der EDV-Leiter” published. The article is available for download here (German PDF).
06/11/2006
Dec. the 08th, RedTeam Pentesting will hold a talk about Pentesting. This will take place in the context of the event “IT-Security as a guarantee for success” at the AGIT, organized by ACC-EC.
31/10/2006
New Advisory: Authentication bypass in BytesFall Explorer
20/10/2006
RedTeam Pentesting held a talk at the Hack.lu 2006 about the cryptochallenge of the Hack.lu 2005. The slides can be downloaded under publications.
12/10/2006
RedTeam supports the NRW-Forschungstag IT-Sicherheit. Besides the manifold talks there is a dedicated area with selected exhibitors. The event aims especially at a better co-operation between science and economy and takes place on Wednesday, October 25th, in Aachen. There is no entrence fee.
12/09/2006
The German radio station Eins Live did an interview with RedTeam covering the subjects IT security in research and teaching as well as the experience of our daily work. There is an accompanying article in German available under the title “Hacken lernen in Aachen” (“learning to hack in Aix-la-Chapelle”).
31/08/2006
The slides from the presentation at the OpenChaos can now be found under publications.
29/08/2006
The news article “Studieren in der Grauzone” is linked under press. Die Zeit reports on world’s best hackers from Aachen.
24/08/2006
The Chaos Computer Club Cologne e.V. (C4) invited RedTeam to give a talk within their OpenChaos events. The talk with the topic “Hacking for Security - Penetrationtests” will take place on Thursday, August 31st, 08:00 pm local time on the premises of the C4 and is open for everyone. The talk will be held in German.
20/07/2006
Vulnerable regular expression in planetGallery discovered.
rt-sa-2006-006: Remote command injection
15/06/2006
Two new security advisories regarding phpBannerExchange released: Especially interesting is the circumvention of the eregi()-input-checking using a nullbyte in rt-sa-2006-005 because of a design flaw in PHP.
rt-sa-2006-004: Authentication bypass in phpBannerExchange
rt-sa-2006-005: Unauthorized password recovery in phpBannerExchange
22/05/2006
Podcast Clients: Two new advisories released: Prodder Remote Arbitrary Command Execution & Perlpodder Remote Arbitrary Command Execution
20/04/2006
Added more information about PenTests
13/04/2006
New advisory released: PAJAX Remote Code Injection and File Inclusion Vulnerability
22/02/2006
In cooperation with the Center for Computing and Communication of RWTH Aachen University RedTeam will repeat the speech about penetration tests on March, 6nd, at 02:00 pm because of the great demand. The event titled “Hacking for your Security - Penetrationtesting - reloaded” will be in German again and the registration has just started.