Advisories

rt-sa-2025-002: Reflective Kerberos Relay Attack Against Domain-Joined Windows Clients and Servers

rt-sa-2025-001: Shopware Unfixed SQL Injection in Security Plugin 6

rt-sa-2024-012: Docusnap Inventory Files Encrypted with Static Key

rt-sa-2024-009: Moodle: Remote Code Execution via Calculated Questions

Additionally to penetration tests, RedTeam Pentesting conducts research in the area of IT security. Penetration tests may also yield interesting security flaws for the public. After consulting with the customer, those will be published, too, as long as the security of the customer is not compromised. A list of all published security advisories can be found here.

Talks

17/06/2024 - Behind the Screens: Insights and Stories of Real-World Penetration Testing, Hasso Plattner Institute

Slides from the talk, held at the event “Recent Topics in Cybersecurity” at the Hasso Plattner Institute.

16/01/2024 - Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt, Studierende treffen Alumni und Unternehmensexpert:innen, FH Aachen University of Applied Sciences

Slides from the talk “Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt”, held at the event “Studierende treffen Alumni und Unternehemensexpert:innen” at the FH Aachen University of Applied Sciences.

02/10/2023 - Gezielter Ausnahmezustand - Penetrationstests

Slides from the talk “Gezielter Ausnahmezustand – Penetrationstests” held as introduction for a discussion as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswer k.

Other Publications

11/06/2025 - “Paper: Reflective Kerberos Relay Attack”

The linked paper contains an in-depth description of a novel vulnerability discovered by RedTeam Pentesting. It grant attackers the ability to execute commands on domain-joined Windows computers with the highest privileges (NT AUTHORITY\SYSTEM).