Blog posts

Zammad Helpdesk Zero-Day-Vulnerability

21.07.2022 3 minutes

During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. This existed because Zammad did not …

Log4Shell – critical vulnerability in Java logging library Log4j

15.12.2021 4 minutes

On November 24th a critical vulnerability in Log4j was reported to Apache. It was later made public under the name Log4Shell (CVE-2021-44228); it can be exploited remotely with little effort and allows an attacker to execute their own code (RCE). …

Testing the 'Netatmo Welcome' Smart Camera – Hardware Hacking

25.04.2019 10 minutes

Netatmo Welcome is a smart camera capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into Internet of Things security, we continued our …

Testing the 'Netatmo Welcome' Smart Camera

20.09.2018 8 minutes

Netatmo Welcome is a smart camera capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into Internet of Things security, we performed static …

How we identified a tcpdump vulnerability using cloud fuzzing

20.03.2017 10 minutes

Fuzzing is a method to identify software bugs and vulnerabilities. Current development shows a trend toward moving fuzzing into the cloud, as cloud fuzzing offers increased fuzzing speed and lots of extra flexibility compared to classic …

Privacy Analysis of Windows 10 Enterprise at Telemetry Level 0

25.01.2017 5 minutes

The focus of this research is to analyze the amount of privacy provided in Windows 10 when using the most restrictive privacy settings available. Windows 10 has been observed to establish encrypted connections to Microsoft servers without a …

Reverse Engineering the TP-Link HS110

29.07.2016 13 minutes

TP-Link HS110 Wi-Fi is a cloud-enabled power plug that can be turned on and off remotely via app and offers energy monitoring and scheduling capabilities. As part of ongoing research into Internet of Things security, we performed a security …

TP