A full walkthrough of the Hack The Box “Fatty” machine, written by the machine maker (qtc).
Hack The Box: Oouch Writeup
A full walkthrough of the Hack The Box “Oouch” machine, written by the machine maker (qtc).
Security Advisory 07/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery Unencrypted Service Code Injection In accordance with usd HeroLabs …
Security Advisory 06/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write Cross-Site-Request-Forgery (CSRF) Blind …
Catching the phishes
Florian Haag, dual student in computer science at usd HeroLab, developed a tool chain to automatically detect cloned websites related to phishing attacks during his practical semester at the University of Applied Sciences Darmstadt. Here he gives us an introduction …
Security Advisory 04/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Control-M/Agent, Chocolatey, Zencart, Starface UCC Client and Userlike Chat. The following vulnerability classes were identified: Cross-Site Scripting (XSS) Insufficient Filtering OS Command Injection …
Pentest Scope: How to Determine the Testing Scope?
Pentests are one of the most effective security analysis methods to check the IT security level of a company and identify opportunities for sustainable improvements. In addition, proof of conducting a pentest is an important component of many compliance requirements, …
Security Advisory 02/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v.3.2.1. The following vulnerability classes were identified: Insufficient Filtering of Configuration file Memory Corruption (Heap Overflow) Logic Error In accordance with …
Unknown Vulnerabilities – Responsibilities of the Finder
The security analysts of usd HeroLab frequently discover previously unknown security vulnerabilities in products as part of their daily work. For these zero-day vulnerabilities, no security patches (corrective changes applied to the product to remedy security gaps) have been made …
Pentest – What analysis approaches are there?
Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible gateways hackers could exploit and show ways to sustainably raise the IT security level of a company. This makes pentesting one of the …