usd HeroLab Toolchain


We place the highest demands on the quality of our work. To ensure that security analyses are always carried out with constant efficiency and quality, our own tools are subject to strict quality management and optimization processes, taking into account the results of our research.

usd Icebreaker

Analysis tool for all team members & knowledge database.

Implementation of plugins & self developed scripts
Analysis tool for all team members & knowledge database
Continuous development and adaption to research results
High level of automation of manual processes
“Scanner”/automation engine
Combines the best publicly available tools and usd in-house developments
Consistently high quality level

usd ExPeRT

Project planning and collaboration support for all team members.

Mapping of our long-standing and proven internal processes


Integrated checklists
Status tracking & resource management


Project planning & collaboration
Importing data from usd Icebreaker

usd Reporting Tool

Results prepared by our analysts.

Consistent high quality reports


Detailed explanation of identified vulnerabilities
Instructions on how to verify the vulnerability


Data import from usd ExPeRT
Concrete recommendation of measures to remedy the vulnerability

Cyber Security Transformation Chef (CSTC)

This Burp Suite plugin enables penetration testers to efficiently analyze complex web appliactions.

remote-method-guesser: A Java RMI Vulnerability Scanner

The open source tool "remote-method-guesser (rmg)" is a Java RMI vulnerability scanner looking for misconfigurations in Java RMI endpoints.

SNC Scan

The SNC Scan enables the analysis of the SAP Secure Network Communication (SNC) protocol and identifies insecure configurations.


The BurpSuite plugin FlowMate increases coverage in web pentests through data flow analysis and automated evaluation.

usd PentestLab

Our training and education environment

Pentesters can train their methodical skills, creativity and endurance in real life pentesting, using a continuously growing number of preconfigured server environments, various technologies and vulnerabilities of varying difficulty levels. No isolated tasks. No reports. No jury. Only skill counts. The PentestLab is not only used by our own pentesters, but also serves as a training environment for our clients during CST Academy events, and is the basis for our regular Hackers’ Days designed for students and universities.

Optimal support

The basis for an efficient process and vulnerability management is the integration of the platform into your company. Your assets, primary contacts and the status of your pentests are displayed here. We are happy to support you during the rollout and train your employees if desired. Acting as partners. Transparent, secure and efficient.