LabNews
Security Advisories for SONIX and SAP
The pentest professionals at usd HeroLab examined SONIX Technology Webcam and SAP Fiori Sample Shop during their pentests. Our professionals discovered that systems with a SONIX...
The Surprising Complexity of Finding Known Vulnerabilities
Most organizations extensively use third-party software products and libraries to increase efficiency and decrease costs. As various data breaches and Supply Chain Attacks have...
Security Advisories for Zimperium and FileCloud
The pentest professionals at usd HeroLab examined Zimperium and FileCloud during their pentests. A critical vulnerability was discovered in the Drive application...
Security Advisories for Gambio
The pentest professionals at usd HeroLab examined the online shop software Gambio during their pentests. The software offers merchants various functions that support the...
Security Advisories for Planfocus, FileRun, Keycloak and Documize
The Pentest Professionals at usd HeroLab examined Planfocus, FileRun, Keycloak and Documize during their Pentests. During the security analysis several vulnerabilities were...
Security Advisory for IBM QRadar SIEM
The Pentest Professionals at usd HeroLab examined IBM QRadar SIEM during their Pentests. The security information and event management platform developed by IBM provides advanced...
Pentest of Virtualized Applications (Citrix Breakout Test)
When it comes to providing desktop applications to internal and external company end users, a wide range of virtualized deployment technologies have become established in recent...
Security Advisories for Gibbon Edu
The Pentest Professionals of the usd HeroLab have analyzed the open source educational software Gibbon Edu during their Pentests. Throughout the security analysis, cross-site...
Write-Up Registration Challenge Hacker Contest Winter 2023/24
In the winter semester of 2023, our "Hacker Contest" will be held again at Technical University of Darmstadt (TU). In the popular course, students get real insights into IT...
Security Advisories for SuperWebMailer
The usd HeroLab analysts examined the newsletter management tool SuperWebMailer while conducting their security analysis. During the security analysis, three cross-site...
Security Advisory for Contao
The usd HeroLab analysts examined the Contao content management system while conducting their security analysis. It is an open source software that enables the creation of...
Security Advisories for SAP
The usd HeroLab's pentest professionals examined applications from the software manufacturer SAP while conducting their pentests. During the assessment of the SAP Partner Portal,...
Security Advisory for Windows Admin Center
The analysts at usd HeroLab examined the centralized management tool Windows Admin Center while conducting their security analyses. During the assessment, the entire...
Security Advisory for MultiTech Conduit AP MTCAP2-L4E1
The analysts at usd HeroLab examined the LoRaWAN access point MultiTech Conduit AP MTCAP2-L4E1 while conducting their security analyses. During the assessment they...
Critical Foswiki Vulnerablities: A Logic Error Turned Remote Code Execution
We love open-source software. In context of our mission #moresecurity, Christian Pöschl, security consultant and penetration tester at usd HeroLab had a look at Foswiki as a...
Security Advisories for Foswiki
The analysts at usd HeroLab examined the Foswiki application while conducting their security analyses. They identified vulnerabilities in the application's input...
Security Advisory for Tracim
The analysts at usd HeroLab examined the Tracim collaboration platform while conducting their security analyses. They identified a vulnerability in the application's...
Security Advisory for Microsoft Windows
The analysts at usd HeroLab examined various operating system versions of microsoft windows while conducting their security analyses. While conducting these analyses, they...
Write-Up Registration Challenge Hacker Contest Summer 23
In the summer semester of 2023, our "Hacker Contest" will be held again at Darmstadt University (TU) and Darmstadt University of Applied Sciences (h_da). In the popular course,...
Version 1.3.0 of the Cyber Security Transformation Chef (CSTC) is here
Our Burp Suite plugin "Cyber Security Transformation Chef" (CSTC) supports security analysts in their pentests of complicated web applications and APIs. The CSTC allows to define...