Pentesting and IT Security Blog

Our passion for testing and defending infrastructures, applications and companies often leads us to the point where we want to share our thoughts and experience with the world. Here you can read all about our exploits and research and enjoy our posts, from useful howtos, to published CVEs, management strategies, new exciting tools and much more. As a provider of offensive and defensive IT services, we always welcome readers to reach out to us and ask questions or provide feedback, be it about our blog or our services, which include web-application and network penetration tests, system defense and hardening and management consulting, among others.

Take care of your boarding pass

date Fri Jan 08, 2016 category Privacy
tags Awareness Privacy Data Boardingpass

During the last weeks before Christmas, I found myself traveling more than usual throughout Germany and Europe. While I was waiting at the airports I recognized some typical behaviors that passengers showed before and after the flight. Before the boarding begins the flight ticket is handled like a p...

Tagging emails sent in plain text with Thunderbird

date Wed Dec 09, 2015 category Defense
tags Mail STARTTLS TLS Security Client Awareness Howto Encryption

Now matter how much you want to secure your mail server, to be able to actually communicate with your customers and partners, you will have to face the ugly truth that enforcing STARTTLS might not be the best idea from a business perspective. Using opportunistic encryption, meaning to encrypt mail...

Monetary damages through cyber attacks?

date Fri Jul 24, 2015 category Management
tags Awareness Risk Monetary Damage

It is more reality then a ghost story for CIOs and CISOs It is possible that cyber-attacks cause’s monetary damages as we have seen recently at the German government if the infrastructure or better to say the running systems on the infrastructure are heavily manipulated or damaged. In fact of that...