News

19/07/2023
New advisory released: Session Token Enumeration in RWS WorldServer.
12/07/2023
A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail.
05/06/2023
In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX.
01/06/2023
New advisory released: STARFACE: Authentication with Password Hash Possible.
30/05/2023
Several advisories for vulnerabilities in the open-source software Pydio Cells released: Unauthorised Role Assignments, Cross-Site Scripting via File Download, Server-Side Request Forgery.
09/05/2023
Today we released our newly developed program resocks. The accompanying blog post covers its usage and technical details.
12/04/2023
Our new blog post describes the approach to integrate our new printer in our office infrastructure aiming to meet our specified security requirements.
10/02/2023
Jens Liebchen held the talk “Physical Security – Wenn Türen zu Firewalls werden” on 7 February 2023 at the Chair for IT Security Infrastructures of the Friedrich-Alexander-Universität Erlangen-Nürnberg. The German language slides are available for download under Publications.
26/01/2023
New advisory released: Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin.
18/01/2023
Alexander Neumann held the talk „Mitbringsel aus dem Alltag: Star Wars in der niedersächsischen Provinz” at the event “Studierende treffen Alumni und Unternehmensexperten” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.

Advisories

rt-sa-2023-005
Pydio Cells: Server-Side Request Forgery
rt-sa-2023-004
Pydio Cells: Cross-Site Scripting via File Download
rt-sa-2023-003
Pydio Cells: Unauthorised Role Assignments
rt-sa-2023-001
Session Token Enumeration in RWS WorldServer
rt-sa-2022-004
STARFACE: Authentication with Password Hash Possible
rt-sa-2022-002
Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin
rt-sa-2021-009
Credential Disclosure in Web Interface of Crestron Device
rt-sa-2021-007
Auerswald COMpact Multiple Backdoors
rt-sa-2021-006
Auerswald COMpact Arbitrary File Disclosure
rt-sa-2021-005
Auerswald COMpact Privilege Escalation

> Publications vertical divider

Publications

07.02.2023 - Physical Security - Wenn Türen zu Firewalls werden, Chair of IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Chair of IT Security Infrastructures at the University of Erlangen-Nürnberg.
17.01.2023 - Mitbringsel aus dem Alltag: Star Wars in der niedersächsischen Provinz, Studierende treffen Alumni und Unternehmensexperten, FH Aachen University of Applied Sciences, Slides (German)
Slides from the talk “Mitbringsel aus dem Alltag: Star Wars in der niedersächsischen Provinz”, held at the event “Studierende treffen Alumni und Unternehemensexperten” at the FH Aachen University of Applied Sciences.
17.01.2022 - “Physical Security – Wenn Türen zu Firewalls werden”, Chair for IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held online at the Chair for IT Security Infrastructures at the University of Erlangen-Nürnberg.
21.10.2021 - IT-Sicherheit: Unterwegs zwischen zwei Welten Slides (German)
Slides from the talk “IT-Sicherheit: Unterwegs zwischen zwei Welten”, held at Technologiezentrum Aachen.
27.01.2021 - “Physical Security – Wenn Türen zu Firewalls werden”, Chair for IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held online at the Chair for IT Security Infrastructures at the University of Erlangen-Nürnberg.
05.07.2019 - „Pentesting”, Freitagsseminar, III. Physikalisches Institut B, Slides (English)
Slides of the talk „Pentesting”, held at the Friday Seminar organized by the III. Physikalisches Institut B of the RWTH Aachen University.
24.06.2019 - „Pentesting in der Praxis”, Bonn-Rhein-Sieg University of Applied Sciences, Slides (German)
Slides of the talk „Pentesting in der Praxis”, held at the practical Hacker training at the Bonn-Rhein-Sieg University of Applied Sciences in Sankt Augustin.
04.12.2018 - „Sicherer Umgang mit Daten auf SSDs”, IT-Sicherheitstag NRW, Slides (German)
Slides of the talk „Sicherer Umgang mit Daten auf SSDs”, held at the IT-Sicherheitstag NRW by the IHK NRW.
23/05/2018 - „Sicheres Löschen von Daten auf SSDs”, 8. IT-Forensik Workshop, FH Aachen, Slides (German)
Slides of the talk „Sicheres Löschen von Daten auf SSDs”, held at the 8. IT-Forensik Workshop of FH Aachen.
26/10/2017 - “Physical Security – Wenn Türen zu Firewalls werden”, Chair for IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Chair for IT Security Infrastructures at the University of Erlangen-Nürnberg.
05/10/2017 - “Operation gelungen, Patient gläsern? Sicherheitslücken und ihre Konsequenzen im Medizinsektor”, MedLife e.V., Slides (German)
Slides from the talk “Operation gelungen, Patient gläsern? Sicherheitslücken und ihre Konsequenzen im Medizinsektor”, held at the MedLife – BusinessTreff spezial: Medical Big Data in Aachen.
15/02/2017 - “Daten löschen, aber richtig – Über die Besonderheiten von SSDs”, 24. DFN-Konferenz “Sicherheit in vernetzten Systemen”, Slides (German)
Slides from the talk “Daten löschen, aber richtig – Über die Besonderheiten von SSDs”, held at the conference 24. DFN-Konferenz “Sicherheit in vernetzten Systemen” in Hamburg.
19/12/2016 - “Operating Systems Security And Why It (Mostly) Doesn't Matter” , Slides
Slides from the guest lecture “Operating Systems Security And Why It (Mostly) Doesn't Matter” held at the Operating Systems Security module at Radboud Universiteit Nijmegen.
02/11/2016 - “Alles wird gut? – Über Menschen, Angreifer und die Zukunft”, LeetCon 2016, Slides (German)
Slides from the talk “Alles wird gut? – Über Menschen, Angreifer und die Zukunft”, held at conference LeetCon 2016 in Hannover.
02/11/2016 - “Daten löschen, aber richtig – Über die Besonderheiten von SSDs”, LeetCon 2016, Slides (German)
Slides from the talk “Daten löschen, aber richtig – Über die Besonderheiten von SSDs”, held at the conference LeetCon 2016 in Hannover.
10/05/2016 - “Penetration Tester – Click Monkey or Creative Hacker?”, Research Group IT-Security, Slides (English)
Slides from the talk “Penetration Tester – Click Monkey or Creative Hacker?”, held at the Security Lab 2016 of the Research Group IT-Security of the RWTH Aachen University.
26/04/2016 - “Was Dein ist, ist Mein – Datensicherheit aus der Angreiferperspektive”, Event: “Schutz von Ideen in einer digitalen Welt”, Slides (German)
Slides of the talk “Was Dein ist, ist Mein - Datensicherheit aus der Angreiferperspektive”, held by Jens Liebchen on the occasion of the World Intellectual Property Day at TZ Aachen.
06/02/2016 - “Let's Encrypt with Best Practices”, DevConf.cz 2016, Slides
Slides from the talk “Let's Encrypt with Best Practices”, held at the DevConf.cz 2016 conference in Brno, Czech Republic.
21/12/2015 - “Physical Security – Wenn Türen zu Firewalls werden”, Research Group IT-Security, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Research Group IT-Security at the RWTH Aachen.
03/11/2015 - “Physical Security – Wenn Türen zu Firewalls werden”, Chair for IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Chair for IT Security Infrastructures at the University of Erlangen-Nürnberg.
12/08/2015 - “Security Threats at Conferences”, Flock 2015, Slides
Slides from the talk “Security Threats at Conferences”, held at the Flock 2015 conference in Rochester, NY, USA.
18/06/2015 - “Your Home is My Castle – Angriffe auf die Updates eines Heimrouters”, Cryptoparty, of the Fachschaft Mathematik/Physik/Informatik, Slides (German)
Slides from the talk “Your Home is My Castle – Angriffe auf die Updates eines Heimrouters”, held at the Cryptoparty of the Fachschaft Mathematik/Physik/Informatik of the RWTH Aachen.
11/06/2015 - “Angriff zur Verteidigung – Erfolgsfaktoren für gute Penetrationstests”, Audit Challenge 2015 in Frankfurt, Slides (German)
Slides from the talk “Angriff zur Verteidigung – Erfolgsfaktoren für gute Penetrationstests”, held at the Audit Challenge 2015 in Frankfurt.
18/03/2015 - “Achtung, Unfall voraus...?”, VDV, Slides (German)
Slides from the talk “Achtung, Unfall voraus...?” on IT security in public transport, as presented at the itcs seminar of the year 2015 by the VDV.
24/02/2015 - “Erfolgsfaktoren für gute Penetrationstests”, 22. DFN-Konferenz “Sicherheit in vernetzten Systemen”, Slides (German)
Slides from the talk “Erfolgsfaktoren für gute Penetrationstests”, held at the in Hamburg.
03/12/2014 - “Angriff zur Verteidigung – Erfolgsfaktoren für gute Penetrationstests”, IT-Sicherheitstag NRW, Slides (German)
Slides from the talk “Angriff zur Verteidigung – Erfolgsfaktoren für gute Penetrationstests”, held at the IT-Sicherheitstag NRW in Hagen.
21/10/2014 - “Physical Security – Wenn Türen zu Firewalls werden”, Chair for IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Chair for IT Security Infrastructures at the University of Erlangen-Nürnberg.
16/05/2014 - “Jailbreaking Your MFP for More Security”, Workshop on system administration in libraries, Slides (German)
Slides from the talk “Jailbreaking Your MFP for More Security”, held at a Workshop on system administration in libraries at the ZBIW of the Cologne University of Applied Sciences in Cologne. http = []
16/01/2014 - “IT-Sicherheit und Kryptographie in der Praxis”, Cryptoparty, of the Fachschaft Mathematik/Physik/Informatik, Slides (German)
Slides from the talk “IT-Sicherheit und Kryptographie in der Praxis”, held at the Cryptoparty of the Fachschaft Mathematik/Physik/Informatik of the RWTH Aachen University.
29/11/2013 - “Jailbreaking Your MFP for More Security”, RWTH Aachen University Admin Meeting, Slides (German)
Slides from the talk “Jailbreaking Your MFP for More Security”, held at the RWTH Aachen University Admin Meeting in Aachen.
15/11/2013 - “Jailbreaking Your MFP for More Security”, 37. Datenschutzfachtagung (DAFTA): “Big Data - Big Responsibility”, Slides (German)
Slides from the talk “Jailbreaking Your MFP for More Security”, held at the 37. Datenschutzfachtagung (DAFTA) in Cologne.
25/10/2013 - “Physical Security – Wenn Türen zu Firewalls werden”, Chair for IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Chair for IT Security Infrastructures at the University of Erlangen-Nürnberg.
25/05/2013 - “Jailbreaking Your MFP for More Security”, Linuxtag, Slides (German)
Slides from the talk “Jailbreaking Your MFP for More Security”, held at the Linuxtag in Berlin.
20/02/2013 - “Jailbreaking Your MFP for More Security”, 20. DFN-Workshop “Sicherheit in vernetzten Systemen”, Slides (German)
Slides from the talk “Jailbreaking Your MFP for More Security”, held at the 20. DFN-Workshop “Sicherheit in vernetzten Systemen” in Hamburg.
20/06/2012 - “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen”, ESMT Management Update 2012, Slides (German)
Slides from the talk “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen”, held at the ESMT Management Update 2012 of the European School of Management and Technology (ESMT).
25/04/2012 - “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen”, Technologieforum Telekommunikation, Slides (German)
Slides from the talk “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen”, that was held at Technologieforum Telekommunikation of IHK Aachen in Aachen.
29/02/2012 - “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten”(Slides), 19. DFN-Workshop „Sicherheit in vernetzten Systemen”, (German)
Slides and paper for the talk “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten”, given on Februar 22nd, 2012 at the 19. DFN-Workshop “Sicherheit in vernetzten Systemen”.
05/12/2011 - “Physical Security – Wenn Türen zu Firewalls werden”, Fachhochschule Aachen, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Fachhochschule Aachen in the course Informationssicherheit (information security).
29/11/2011 - “Sicherheit und Industriespionage”, ESMT Netzwerktag 2011, Slides (German)
Slides from the talk “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen”, held at the ESMT Netzwerktag 2011 on Schloss Gracht.
08/11/2011 - “Physical Security – Wenn Türen zu Firewalls werden”, Chair for IT Security Infrastructures, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the Chair for IT Security Infrastructures at the University of Erlangen-Nürnberg.
01/07/2011 - “Datendiebstahl;”, Annual Conference Netzwerk Recherche 2011, Slides (German)
Slides from the workshop “Aktuelle Fälle von Datendiebstahl und wie sie grundsätzlich funktionieren – Hintergrundwissen für Journalisten”, held at the Netzwerk Recherche's annual conference 2011 in Hamburg.
16/02/2011 - “Physical Security – Wenn Türen zu Firewalls werden”, 18th DFN Workshop “Sicherheit in vernetzten Systemen”, Slides (German)
Slides from the talk “Physical Security – Wenn Türen zu Firewalls werden”, held at the 18th DFN Workshop “Sicherheit in vernetzten Systemen”.
10/12/2010 - "Ten Commandments of IT-Security for WEB 2.0 Startups", HackFwd, Build 0.4, Slides (English)
Slides from the talk "Ten Commandments of IT-Security for WEB 2.0 Startups", held at Build 0.4 of HackFwd.
07/12/2010 - “Sicherheit und Industriespionage: Ein Realitätsabgleich”, Fraunhofer Institute for Production Technology, AK IT-Betrieb, Slides (German)
Slides from the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich”, held on invitation of Fraunhofer Institute for Production Technology IPT in Aachen.
01/09/2010 - “Sicherheit und Industriespionage: Ein Realitätsabgleich”, Praktische IT-Sicherheit, Slides (German)
Slides from the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich”, held at the event Praktische IT-Sicherheit at the Bonn-Rhine-Sieg University of Applied Sciences.
12/07/2010 - “Un(der)cover;”, Annual Conference Netzwerk Recherche 2010, Slides (German)
Slides and link collection from the workshop “Un(der)cover – Von der Online-Recherche hin zur gezielten Generierung neuer Informationsflüsse”, held at the Netzwerk Recherche's annual conference 2010 in Hamburg.
15/06/2010 - JBoss Security
Information page about JBoss security with new whitepaper “JBoss AS – Deploying WARs with the DeploymentFileRepository MBean”.
30/04/2010 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, Ruhr-Universität Bochum, Video (German)
Video of the talk “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, held at the Bachelor-Vertiefungspraktikum zur Hackertechnik of the Chair for Network and Data Security, Ruhr-Universität Bochum.
21/04/2010 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, Ruhr-Universität Bochum, Slides (German)
Slides from the talk “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, held at the Bachelor-Vertiefungspraktikum zur Hackertechnik of the Chair for Network and Data Security, Ruhr-Universität Bochum.
12/04/2010 - “Peeking into Pandora's Bochs – Instrumenting a Full System Emulator to Analyse Malicious Software”, Hackito Ergo Sum 2010, Slides
Slides from the talk “Peeking into Pandora's Bochs – Instrumenting a Full System Emulator to Analyse Malicious Software”, held at the Hackito Ergo Sum 2010 IT-security conference in Paris.
11/02/2010 - “Emulationsbasiertes Entpacken von laufzeitgepackten Schadprogrammen”, 17th DFN Workshop “Sicherheit in vernetzten Systemen”, Slides (German)
Slides from the talk “Emulationsbasiertes Entpacken von laufzeitpgepackten Schadprogrammen”, held at he 17th DFN Workshop “Sicherheit in vernetzten Systemen”.
21/12/2009 - TLS Renegotiation Vulnerability: Proof of Concept Code
RedTeam Pentesting has developed proof of concept code to exploit the vulnerability in the TLS protocol that was published in the beginning of November 2009.
30/11/2009 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?” , Whitepaper
Whitepaper for the talks “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, held at hack.lu 2008, the 16th DFN-CERT Workshop and at RWTH Aachen University. The Whitepaper contains detailed descriptions of the attacks presented in the talks.
25/11/2009 - “Hacking for your Security – Penetration Testing” , Aachen Technology Entrepreneurship Conference (ATEC) 2009, Slides (German)
Slides from the talk “Hacking for your Security – Penetration Testing”, held at the Aachen Technology Entrepreneurship Conference (ATEC) 2009.
23/11/2009 - “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System”
ChipTAN comfort is a new system that uses a trusted device to securely authorise transactions in online banking. RedTeam Pentesting has examined chipTAN comfort and was able to discover some vulnerabilities in this new system.
06/11/2009 - “Hacking for your Security – Penetration Testing”, Lecture “Entrepreneurial Marketing”, Slides
Slides from the guest talk “Hacking for your Security – Penetration Testing”, held at the lecture “Entrepreneurial Marketing” at the Lehrstuhl Wirtschaftswissenschaften für Ingenieure und Naturwissenschaftler (WIN) of RWTH Aachen University.
28/10/2009 - “Peeking into Pandora's Bochs – Instrumenting a Full System Emulator to Analyse Malicious Software”, hack.lu 2009, Slides
Slides from the talk “Peeking into Pandora's Bochs – Instrumenting a Full System Emulator to Analyse Malicious Software”, held at the hack.lu 2009 IT-security conference in Luxembourg.
22/08/2009 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?”, FrOSCon 2009, Slides (German)
Slides from the talk “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, held at FrOSCon 2009.
17/06/2009 - “Sicherheit und Industriespionage: Ein Realitätsabgleich”, Technologieforum Telekommunikation, Slides (German)
Slides from the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich”, that was held at Technologieforum Telekommunikation of IHK Aachen in Aachen, Germany.
03/06/2009 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?” , Whitepaper (German)
Whitepaper for the talk “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, held at hack.lu 2008, the 16th DFN-CERT Workshop and at RWTH Aachen University. The Whitepaper contains detailed descriptions of the attacks presented in the talk.
19/05/2009 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?”, Center for Computing and Communication of RWTH Aachen University, Slides (German)
Slides from the talk “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now”, held at the Center for Computing and Communication of RWTH Aachen University. Based on the talks held at the 16th DFN-CERT Workshop and Hack.lu 2008, the time available at this event allowed for more elaborate demonstrations.
17/03/2009 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?”, DFN-CERT, Slides (German)
Slides from the talk “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?”, held at the 16th DFN-CERT Workshop in Hamburg. The talk covers typical vulnerabilities of JBoss Application Server installations and their exploitation.
06/03/2009 - “Überraschende Angriffsvektoren”, CeBIT, Slides (German)
Slides from the talk “Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen”, held at the CeBIT. The talk shows exemplary security weaknesses which resulted from wrong assumptions.
04/03/2009 - “Practical Security and Crypto”, Eindhoven Institute for the Protection of Systems and Information (EiPSI), Slides (English)
Slides from the talk “Practical Security and Crypto: Why Mallory Sometimes Doesn't Care”, held at the EiPSI seminar of the Eindhoven University of Technology. The talk explains by means of practical examples mistakes in the usage of cryptography.
22/01/2009 - “IT Security in Theorie und Praxis”, IHK Arnsberg, Slides (German)
Slides from the talk “IT-Security in Theorie und Praxis – Über 'harmlose' Geräte und andere Denkfehler”, held at the IHK Arnsberg at the event “Unternehmenskritische Daten – Gefahren und Schutzmaßnahmen”. Other talks were given by the Verfassungsschutz NRW, the secure-it.nrw initiative as well as the tetraguard GmbH.
23/10/2008 - “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?”, hack.lu 2008, Slides (English)
Slides from the talk “Bridging the Gap between the Enterprise and You – or – Who's the JBoss now?”, held at the hack.lu 2008 IT security conference in Luxembourg. The talk covers typical vulnerabilities of JBoss installations and their exploitation.
18/09/2008 - “IT Security in Theorie und Praxis”, druckerfachmann.de AG, Slides (German)
Slides from the talk “IT-Security in Theorie und Praxis – Über 'harmlose' Geräte und andere Denkfehler”, held at an IT security workshop of druckerfachmann.de AG in Berlin.
22/04/2008 - “Penetration Testing – Praxis and Beyond”, Deutschsprachige Bull User Society – Arbeitskreis Sicherheit, Slides (German)
Slides from the talk “Penetration Testing – Praxis and Beyond”, held at the working group Security of the German Speaking Bull User Society in Cologne.
17/04/2008 - “Penetration Testing – Praxis and Beyond”, Fachhochschule Aachen, Slides (German)
Folien zum Vortrag “Penetration Testing – Praxis and Beyond”, held at Aachen University of Applied Sciences.
10/04/2008 - “Penetration Testing – Praxis and Beyond”, Berufsakademie Mannheim, Slides (German)
Slides from the talk “Penetration Testing – Praxis and Beyond”, held at the Berufsakademie Mannheim.
02/04/2008 - “Ubiquitous IT Security – Warum die Firewall nicht schützen konnte”, Sicherheit 2008, Slides (German)
Slides from the talk “Ubiquitous IT Security – Warum die Firewall nicht schützen konnte”, held at the Sicherheit 2008 security conference in Saarbrücken.
02/04/2008 - “Iterative Kompromittierungsgraphverfeinerung als methodische Grundlage für Netzwerkpenetrationstests”, Sicherheit 2008, Paper (German)
Paper from the talk “Iterative Kompromittierungsgraphverfeinerung als methodische Grundlage für Netzwerkpenetrationstests”, held at the Sicherheit 2008 security conference in Saarbrücken. The paper was published in the series “Lecture Notes in Informatics” in volume P-128 (ISSN 1617-5468, ISBN 978-3-88579-222-2).
13/02/2008 - “Botspy – Effiziente Beobachtung von Botnetzen”, 15. DFN Workshop “Sicherheit in vernetzten Systemen”, Slides (German)
Slides from the talk “Botspy – Effiziente Beobachtung von Botnetzen”, held at the 15th DFN Workshop “Sicherheit in vernetzten Systemen” in Hamburg.
19/10/2007 - “Botspy – Efficient Observation of Botnets”, hack.lu 2007, Slides (English)
Slides from the talk “Botspy – Efficient Observation of Botnets” at the hack.lu security conference in Kirchberg (Luxembourg).
28/09/2007 - “Online-Voodoo: Mehr finden, mehr sehen, mehr wissen. Effektive Recherche im Internet”, Zukunftskongress Ethik 2.0 – Schöne neue Online-Welt? of the DJV, Slides (German)
Slides from the workshop “Effektive Recherche im Internet”, for the congress for online journalists of the Deutscher Journalisten-Verband.
21/03/2007 - “Penetrationtests: Praxisnahe IT-Sicherheit – Ihr Netzwerk aus der Angreiferperspektive” , Technologieforum Telekommunikation, Slides (German)
Slides from the talk “Penetrationtests: Praxisnahe IT-Sicherheit – Ihr Netzwerk aus der Angreiferperspektive”, that was held at Technologieforum Telekommunikation of IHK Aachen in Aachen, Germany.
07/02/2007 - “IT-Security aus dem Nähkästchen – oder – »das kann mir nicht passieren...«”, 14. DFN-Cert Workshop “Sicherheit in vernetzten Systemen”, Slides (German)
Slides from the talk “IT-Security aus dem Nähkästchen” about typical vulnerabilities, managers do not expect in their company, but which are found in penetration tests nevertheless. The talk was held at the 14th DFN-Cert Workshop “Sicherheit in vernetzten Systemen” (“Security in distributed systems”) in Hamburg, Germany.
12/12/2006 - “Penetrationtests – Hacken für mehr Sicherheit?” - Der EDV-Leiter, article (German)
Jens Liebchen reports about practical experiences doing penetration tests in an article in the german journal “Der EDV-Leiter”.
08/12/2006 - „Penetrationtests: Praxisnahe IT-Sicherheit”, AGIT, Slides (German)
Slides from the talk about penetration testing at the AGIT IT-Sicherheitstag, Technologiezentrum Aachen.
20/10/2006 - “Hack.lu 2005 – The Crypto Challenge”, Hack.lu, Slides (English)
Slides from the lightning talk on the cryptochallenge of Hack.lu 2005. The Talk was held at Hack.lu 2006.
31/08/2006 - “Hacking for your security – Penetrationtesting”, Chaos Computer Club Köln e.V. (C4), Slides (German)
Slides from the presentation about penetration testing held at the OpenChaos. The OpenChaos is organised by the Chaos Computer Club Cologne e.V.. The presentation is based on the presentation at the Center for Computing and Communication of RWTH Aachen.
22/02/2006 - “Hacking for your security – Penetrationtesting”, Center for Computing and Communication of RWTH Aachen University, Slides (German)
Slides from the presentation about penetration testing held at the computer center of the RWTH Aachen, which was a huge success with over 300 participants. The presentation shows in a comprehensible way what pentesting is, what procedures are used and what the benefits of a pentest are. In a subsequent part, common failures are discussed and frequently appearing security flaws are identified.
09/12/2005 - “Hacking for Money – Penetrationtesting” , LinuxTag Stralsund, Slides (German)
Slides from the presentation about penetration testing held at the LinuxTag Stralsund.
14/10/2005 - MISC Magazine, “Hacking for Money – Penetrationtesting”, Volume 1
An article discussing the ideas and procedures of a penetration test, written for MISC (Multi-System & Internet Security Cookbook), a technical magazine about IT-Security.
25/08/2005 - “RedTeam warnt vor trügerischer Sicherheit des neuen iTAN-Verfahren”
Press release regarding the introduction of the iTAN system by many german online banks. The release points out the false security promises of the banks and outlines a Man-in-the-Middle attack, showing how it is still possible for phishers et al to get your account data. More articles and references can be found under Press.