Pentesting, System Hardening & IT Security Blog

Our passion for testing and defending infrastructures, applications and companies often leads us to the point where we want to share our thoughts and experience with the world. Here you can read all about our exploits and research and enjoy our posts, from useful howtos, to published CVEs, management strategies, new exciting tools and much more. As a provider of offensive and defensive IT services, we always welcome readers to reach out to us and ask questions or provide feedback, be it about our blog or our services, which include web-application and network penetration tests, system defense and hardening and management consulting, among others.

Scanning your network is one of the easiest things you can do to help keep your network safe. Recently I began to wonder if our vulnerability scanner is actually providing any value to us, since all reports looked essentially like this. But that all changed with the latest report I got, which su...

During the last weeks before Christmas, I found myself traveling more than usual throughout Germany and Europe. While I was waiting at the airports, I recognized some typical behaviors that passengers showed before and after the flight. Before the boarding begins, the flight ticket is handled like a p...

Yesterday at around 10:00 pm, I noticed that something was wrong with Steam. The interface suddenly presented itself in different languages and kept switching. I tried to switch back to English but got an error message that something went wrong. A little bit of poking around in the settings showe...

Sniffing traffic on a network is fun but getting a physical connection in the first place can be just as interesting, especially when you want to extract information from a cabled network but can't simply plug into it. Wiretapping is a way of tapping into a network wire, hence the name, that is alre...

No matter how much you want to secure your mail server, to be able to actually communicate with your customers and partners, you will have to face the ugly truth that enforcing STARTTLS might not be the best idea from a business perspective. Using opportunistic encryption, meaning to encrypt mail...