Blog Posts

Attacking civilian UAVs

May 15, 2023 11 minutes

Drones are becoming increasingly popular, but they are also vulnerable. Hackers can take control of a drone, steal its data, or even crash it. We explored possible attacks and countermeasures against civilian UAVs.

Zammad Helpdesk Zero-Day-Vulnerability

Jul 21, 2022 3 minutes

During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. This existed because Zammad did not …

Log4Shell – critical vulnerability in Java logging library Log4j

Dec 15, 2021 4 minutes

On November 24th a critical vulnerability in Log4j was reported to Apache. It was later made public under the name Log4Shell (CVE-2021-44228); it can be exploited effortlessly remotely and allows an attacker to execute his own code (RCE). …

Testing the 'Netatmo Welcome' Smart Camera – Hardware Hacking

Apr 25, 2019 10 minutes

Netatmo Welcome is a smart camera, which is capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into the Internet of Things security, we continued our …

Testing the 'Netatmo Welcome' Smart Camera

Sep 20, 2018 8 minutes

Netatmo Welcome is a smart camera, which is capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into the Internet of Things security, we performed static …

How we identified a tcpdump vulnerability using cloud fuzzing

Mar 20, 2017 10 minutes

Fuzzing is a method to identify software bugs and vulnerabilities. The current development shows a trend to move fuzzing into the cloud, as cloud fuzzing offers a fuzzing speed increase and lots of extra flexibility compared to classic …

Privacy Analysis of Windows 10 Enterprise at Telemetry Level 0

Jan 25, 2017 5 minutes

The focus of this research is to analyze the amount of privacy provided in Windows 10 when using the most restrictive privacy settings available. Windows 10 has been observed to establish encrypted connections to Microsoft servers without a …