May 15, 2023
11 minutes
Drones are becoming increasingly popular, but they are also vulnerable. Hackers can take control of a drone, steal its data, or even crash it. We explored possible attacks and countermeasures against civilian UAVs.
Jul 21, 2022
3 minutes
During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. This existed because Zammad did not …
Dec 15, 2021
4 minutes
On November 24th a critical vulnerability in Log4j was reported to Apache. It was later made public under the name Log4Shell (CVE-2021-44228); it can be exploited remotely with little effort and allows an attacker to execute their own code (RCE). …
Jun 9, 2020
4 minutes
ILIAS is a free and open source learning platform which can be used to create and distribute web-based teaching and learning materials. It is often used by universities and companies for e-learning. This blog post describes how we …
Apr 25, 2019
10 minutes
Netatmo Welcome is a smart camera that is capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into Internet of Things security, we continued our …
Sep 20, 2018
8 minutes
Netatmo Welcome is a smart camera that is capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into Internet of Things security, we performed static …
Sep 1, 2017
9 minutes
We analyzed a recent wave of phishing mails trying to spread the Emotet banking trojan via malicious Word documents. This post provides details of the obfuscation methods used in the VBA macro and the PowerShell script contained within the …
May 20, 2017
10 minutes
The preliminary release of the OWASP Top 10 - 2017 in April 2017 has stirred up quite a bit of controversy over the inclusion of a new entry titled 'A7 - Insufficient Attack Protection'. Aside from taxonomical problems (a lack of protection …
Mar 20, 2017
10 minutes
Fuzzing is a method to identify software bugs and vulnerabilities. The current development shows a trend to move fuzzing into the cloud, as cloud fuzzing offers a fuzzing speed increase and lots of extra flexibility compared to classic …
Jan 25, 2017
5 minutes
The focus of this research is to analyze the amount of privacy provided in Windows 10 when using the most restrictive privacy settings available. Windows 10 has been observed to establish encrypted connections to Microsoft servers without a …