usd HeroLab Toolchain

 

We place the highest demands on the quality of our work. To ensure that security analyses are always carried out with constant efficiency and quality, our own tools are subject to strict quality management and optimization processes, taking into account the results of our research.

usd Icebreaker

Analysis tool for all team members & knowledge database.

Implementation of plugins & self developed scripts
 
Analysis tool for all team members & knowledge database
 
Continuous development and adaption to research results
High level of automation of manual processes
“Scanner”/automation engine
Combines the best publicly available tools and usd in-house developments
Consistently high quality level

usd ExPeRT

Project planning and collaboration support for all team members.

Mapping of our long-standing and proven internal processes

 

Integrated checklists
Status tracking & resource management

 

Project planning & collaboration
Importing data from usd Icebreaker

usd Reporting Tool

Results prepared by our analysts.

Consistent high quality reports

 
 

Detailed explanation of identified vulnerabilities
Instructions on how to verify the vulnerability

 

Data import from usd ExPeRT
Concrete recommendation of measures to remedy the vulnerability

remote-method-guesser: A Java RMI Vulnerability Scanner

The open source tool “remote-method-guesser (rmg)” is a Java RMI vulnerability scanner looking for misconfigurations in Java RMI endpoints.

YouTube

Mit dem Laden des Videos akzeptieren Sie die Datenschutzerklärung von YouTube.
Mehr erfahren

Video laden

Cyber Security Transformation Chef (CSTC)

YouTube

Mit dem Laden des Videos akzeptieren Sie die Datenschutzerklärung von YouTube.
Mehr erfahren

Video laden

This Burp Suite plugin enables penetration testers to efficiently analyze complex web appliactions.

usd PentestLab

Our training and education environment

usd pentestlab darstellung en
usd herolab certified pro badge

Pentesters can train their methodical skills, creativity and endurance in real life pentesting, using a continuously growing number of preconfigured server environments, various technologies and vulnerabilities of varying difficulty levels. No isolated tasks. No reports. No jury. Only skill counts. The PentestLab is not only used by our own pentesters, but also serves as a training environment for our clients during CST Academy events, and is the basis for our regular Hackers’ Days designed for students and universities.

usd Security Connect

Our platform for joint process and vulnerability management.

You have a larger environment? Our Pentest Service Management will support you in preparing for and conducting your pentests – via our platform usd Security Connect.

import assets

order security analyses

view identified vulnerabilities

assign responsible persons

project progress & dashboard

remediation process

role & user concept

customizable reports

service management & organization

usd herolab Plattformen

Optimal support

The basis for an efficient process and vulnerability management is the integration of the platform into your company. Your assets, primary contacts and the status of your pentests are displayed here. We are happy to support you during the rollout and train your employees if desired. Acting as partners. Transparent, secure and efficient.