Pentesting and IT Security Blog

Our passion for testing and defending infrastructures, applications and companies often leads us to the point where we want to share our thoughts and experience with the world. Here you can read all about our exploits and research and enjoy our posts, from useful howtos, to published CVEs, management strategies, new exciting tools and much more. As a provider of offensive and defensive IT services, we always welcome readers to reach out to us and ask questions or provide feedback, be it about our blog or our services, which include web-application and network penetration tests, system defense and hardening and management consulting, among others.

Info-Mails für Unattended-Upgrades

date Fri Aug 30, 2019 category Defense How to... Sicherheit Schritt für Schritt
tags Security Howto Sicherheit Linux Ubuntu Debian Updates

Im Mai hatte ich zuletzt zum Thema automatische Updates für Linux Server geschrieben und einen zweiten Teil versprochen. Dieser kommt mit diesem Beitrag, wenn auch etwas verspätet. Wie sich Updates ohne manuelles zutun installieren lassen, wurde ja bereits geklärt. Doch was passiert, wenn ein solc...

Daten- und Festplattenverschlüsselung mit Veracrypt

date Sat May 04, 2019 category Defense
tags Security Crypto Howto Privacy Data Encryption

This post is only available in german. Freitag, 03. Mai 2019 09:49 Im April haben wir auf unserem Youtube Channel zwei Videos zu Veracrypt veröffentlicht. Darin wird gezeigt, wie mit Veracrypt sowohl gesammte Partitionen oder Festplatten, als auch Teilbereiche einer Festplatte als so genann...

DVWA - Unintended Command Injection - High

date Mon Aug 20, 2018 category How to... Pentesting
tags Security Howto Vulnerability Pentesting

In preparation for a new web security training course (german, coming soon), I had another look at the current version of the Damn Vulnerable Web App (DVWA). As I documented the solution for the command injection vulnerability on high, I found something that sparked a tiny idea how this part might b...

Physical wiretapping for beginners

date Wed Dec 16, 2015 category How to...
tags Howto Physical Security Ethernet Sniffing Pentesting Wiretap

Sniffing traffic on a network is fun but getting a physical connection in the first place can be just as interesting, especially when you want to extract information from a cabled network but can't simply plug into it. Wiretapping is a way of tapping into a network wire, hence the name, that is alre...

Tagging emails sent in plain text with Thunderbird

date Wed Dec 09, 2015 category Defense
tags Mail STARTTLS TLS Security Client Awareness Howto Encryption

Now matter how much you want to secure your mail server, to be able to actually communicate with your customers and partners, you will have to face the ugly truth that enforcing STARTTLS might not be the best idea from a business perspective. Using opportunistic encryption, meaning to encrypt mail...