Pentesting, System Hardening & IT Security Blog

Our passion for testing and defending infrastructures, applications and companies often leads us to the point where we want to share our thoughts and experience with the world. Here you can read all about our exploits and research and enjoy our posts, from useful howtos, to published CVEs, management strategies, new exciting tools and much more. As a provider of offensive and defensive IT services, we always welcome readers to reach out to us and ask questions or provide feedback, be it about our blog or our services, which include web-application and network penetration tests, system defense and hardening and management consulting, among others.

Scanning SSL/TLS configurations is part of every pentester's skill set and a frequently occurring task. In order to detect some of the issues, for example the use of SSLv2, certain requirements have to be met by the scanning tool. In the mentioned example, it's that the scanner must have been built with s...

I was originally writing another blog post, which I will now have to finish later, but the recent discussion with @TalkTalkCare has left me little choice, so I wrote this one first instead. I want to address the problem that a certain untruth doesn't seem to die no matter how often the topic is bro...

Since a lot of people are apparently unfamiliar with the concept of penetration tests, or pentests for short, I want to give a short introduction to what we feel defines a good pentest. In order to give you a good overview, I will go through the following questions. What exactly is a penetration...

It is more reality than a ghost story for CIOs and CISOs. It is possible that cyber-attacks cause monetary damages, as we have seen recently at the German government, if the infrastructure, or better to say the running systems on the infrastructure, are heavily manipulated or damaged. In fact of that...

The second round of the new crypto meetup in Munich was held yesterday at the office of FTAPI GmbH. The event was the first of hopefully many more to come and a great opportunity to discuss crypto in browsers and other security topics. FTAPI was not only host, but also initiator and organizer of thi...