usd HeroLab Toolchain
We place the highest demands on the quality of our work. To ensure that security analyses are always carried out with constant efficiency and quality, our own tools are subject to strict quality management and optimization processes, taking into account the results of our research.
Analysis tool for all team members & knowledge database.
|Implementation of plugins & self developed scripts|
|Analysis tool for all team members & knowledge database|
|Continuous development and adaption to research results|
|High level of automation of manual processes|
|Combines the best publicly available tools and usd in-house developments|
|Consistently high quality level|
Project planning and collaboration support for all team members.
|Mapping of our long-standing and proven internal processes|
|Status tracking & resource management|
|Project planning & collaboration|
|Importing data from usd Icebreaker|
usd Reporting Tool
Results prepared by our analysts.
|Consistent high quality reports|
|Detailed explanation of identified vulnerabilities|
|Instructions on how to verify the vulnerability|
|Data import from usd ExPeRT|
|Concrete recommendation of measures to remedy the vulnerability|
Cyber Security Transformation Chef (CSTC)
remote-method-guesser: A Java RMI Vulnerability Scanner
The open source tool "remote-method-guesser (rmg)" is a Java RMI vulnerability scanner looking for misconfigurations in Java RMI endpoints.
The SNC Scan enables the analysis of the SAP Secure Network Communication (SNC) protocol and identifies insecure configurations.
The BurpSuite plugin FlowMate increases coverage in web pentests through data flow analysis and automated evaluation.
Our training and education environment
Pentesters can train their methodical skills, creativity and endurance in real life pentesting, using a continuously growing number of preconfigured server environments, various technologies and vulnerabilities of varying difficulty levels. No isolated tasks. No reports. No jury. Only skill counts. The PentestLab is not only used by our own pentesters, but also serves as a training environment for our clients during CST Academy events, and is the basis for our regular Hackers’ Days designed for students and universities.
The basis for an efficient process and vulnerability management is the integration of the platform into your company. Your assets, primary contacts and the status of your pentests are displayed here. We are happy to support you during the rollout and train your employees if desired. Acting as partners. Transparent, secure and efficient.