Pentesting and IT Security Blog

Our passion for testing and defending infrastructures, applications and companies often leads us to the point where we want to share our thoughts and experience with the world. Here you can read all about our exploits and research and enjoy our posts, from useful howtos, to published CVEs, management strategies, new exciting tools and much more. As a provider of offensive and defensive IT services, we always welcome readers to reach out to us and ask questions or provide feedback, be it about our blog or our services, which include web-application and network penetration tests, system defense and hardening and management consulting, among others.

Im Mai hatte ich zuletzt zum Thema automatische Updates für Linux Server geschrieben und einen zweiten Teil versprochen. Dieser kommt mit diesem Beitrag, wenn auch etwas verspätet. Wie sich Updates ohne manuelles zutun installieren lassen, wurde ja bereits geklärt. Doch was passiert, wenn ein solc...

This post is only available in german. Freitag, 03. Mai 2019 09:49 Im April haben wir auf unserem Youtube Channel zwei Videos zu Veracrypt veröffentlicht. Darin wird gezeigt, wie mit Veracrypt sowohl gesammte Partitionen oder Festplatten, als auch Teilbereiche einer Festplatte als so genann...

Now matter how much you want to secure your mail server, to be able to actually communicate with your customers and partners, you will have to face the ugly truth that enforcing STARTTLS might not be the best idea from a business perspective. Using opportunistic encryption, meaning to encrypt mail...

Whenever I'm connecting to a new remote server via SSH, I tend to verify the fingerprint to make sure that I'm actually connecting to my own machine. Usually it's not that big a deal as I'm simply comparing two strings, but what if those two strings are created with two different hashing algorithms?...

A few days ago, the TLS certificate (SSL is dead, remember?) of my private blog www.hashtagsecurity.com expired without me noticing it, mostly because I paused any activities there to focus on my work here at LastBreach as well as this blog. Since I didn't intend on working on hashtagsecurity.com...