LabNews
Hack The Box: Oouch Writeup
At the beginning of the year Hack The Box released Oouch, a vulnerable machine created by usd HeroLab consultant and security researcher Tobias Neitzel (@qtc_de). Oouch is an...
Security Advisory 07/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and...
Security Advisory 06/2020
usd HeroLab pentesters have identified several vulnerabilities while conducting their security analyses. These are vulnerabilities in the...
Catching the phishes
Florian Haag, dual student in computer science at usd HeroLab, developed a tool chain to automatically detect cloned websites related to phishing attacks during his practical...
Security Advisory 04/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Control-M/Agent, Chocolatey,...
Pentest Scope: How to Determine the Testing Scope?
Pentests are one of the most effective security analysis methods to check the IT security level of a company and identify opportunities for sustainable improvements. In addition,...
Security Advisory 02/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v.3.2.1. The...
Unknown Vulnerabilities – Responsibilities of the Finder
The security analysts of usd HeroLab frequently discover previously unknown security vulnerabilities in products as part of their daily work. For these zero-day...
Pentest – What analysis approaches are there?
Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible gateways hackers could exploit and show...
Security Advisory 01/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad...
“Made by usd HeroLab” – Sebastian Puttkammer about Tools, Quality and Efficiency
Driven by the motivation to simplify the work for all team members, a team under the leadership of Sebastian Puttkammer, Managing Consultant at usd HeroLab, developed tools “made...
Tool for Forensic Data Analysis at DFRWS USA 2019
Christian Meng, usd HeroLab Consultant, developed “bring2lite”, an open source tool for forensic data analysis and recovery of deleted SQLite data sets, as part of his final...
36c3 – usd HeroLab at Chaos Communication Congress 2019
A well-established tradition for the usd HeroLab and a great end to the year: from December 27 to 30, 2019, more than 20 HeroLabbers attended the four-day 36th Chaos...
Top 7 Quality Criteria for a Pentest Partner
In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. The right choice...
What If a Gateway for Hackers Was Hidden in Your Source Code?
Code Review – the Supreme Discipline of Security Analyses. Businesses today invest a lot in a wide range of security measures to protect their infrastructures from attacks. These...
Security Advisory 10/2019
Vulnerability Disclosure: usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products...
usd HeroLab “Summerschool 2019” completed
In addition to university courses, the usd HeroLab training program “Become a HeroLab Professional”, or “Become a HeroLabber” for short, is another investment in qualified young...
usd HeroLab Team Workshop Breaks Participant Record
Around 60 colleagues of usd HeroLab attended the latest two-day team workshop at CST Academy. In addition to expert presentations on various topics, such as special penetration...
Cyber Security Transformation Chef
usd HeroLab proudly presents the Cyber Security Transformation Chef (CSTC for short), a Burp Extension for various input transformations. It implements a generic way to...
Security Advisory 07/2019
by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG. Vulnerability Disclosure: usd AG penetration testers have identified several security...