usd HeroLab Toolchain
We place the highest demands on the quality of our work. To ensure that security analyses are always carried out with constant efficiency and quality, our own tools are subject to strict quality management and optimization processes, taking into account the results of our research.
usd Icebreaker
Analysis tool for all team members & knowledge database.
| Implementation of plugins & self developed scripts |
| Analysis tool for all team members & knowledge database |
| Continuous development and adaption to research results |
| High level of automation of manual processes |
| “Scanner”/automation engine |
| Combines the best publicly available tools and usd in-house developments |
| Consistently high quality level |
usd ExPeRT
Project planning and collaboration support for all team members.
| Mapping of our long-standing and proven internal processes |
| Integrated checklists |
| Status tracking & resource management |
| Project planning & collaboration |
| Importing data from usd Icebreaker |
usd Reporting Tool
Results prepared by our analysts.
| Consistent high quality reports |
| Detailed explanation of identified vulnerabilities |
| Instructions on how to verify the vulnerability |
| Data import from usd ExPeRT |
| Concrete recommendation of measures to remedy the vulnerability |
Cyber Security Transformation Chef (CSTC)
This Burp Suite plugin enables penetration testers to efficiently analyze complex web appliactions.
remote-method-guesser: A Java RMI Vulnerability Scanner
The open source tool "remote-method-guesser (rmg)" is a Java RMI vulnerability scanner looking for misconfigurations in Java RMI endpoints.
SNC Scan
The SNC Scan enables the analysis of the SAP Secure Network Communication (SNC) protocol and identifies insecure configurations.
FlowMate
The BurpSuite plugin FlowMate increases coverage in web pentests through data flow analysis and automated evaluation.
usd PentestLab
Our training and education environment
Pentesters can train their methodical skills, creativity and endurance in real life pentesting, using a continuously growing number of preconfigured server environments, various technologies and vulnerabilities of varying difficulty levels. No isolated tasks. No reports. No jury. Only skill counts. The PentestLab is not only used by our own pentesters, but also serves as a training environment for our clients during CST Academy events, and is the basis for our regular Hackers’ Days designed for students and universities.
Optimal support
The basis for an efficient process and vulnerability management is the integration of the platform into your company. Your assets, primary contacts and the status of your pentests are displayed here. We are happy to support you during the rollout and train your employees if desired. Acting as partners. Transparent, secure and efficient.