Updates and News

10/12/2024 - Milesight UG67 Advisories Released

We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file system for analysis, an undocumented default password usable for remote SSH login, a command execution circumventing the restricted shell, a local privilege escalation using ubus, and a local privilege escalation using a world-writable webroot. The issues can be combined to allow privileged access from a remote connection.

25/09/2024 - WatchGuard Advisories Released

We discovered several vulnerabilities in the Single Sign On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor and the SSO Agent can be crashed by sending unexpected data.

27/08/2024 - Blog Post About Vulnerability in Moodle Released

Our new blog post describes the exploitation of a remote code execution vulnerability in the open-source learning platform Moodle. A short summary of the vulnerability discovered by us can be found in the corresponding advisory Moodle: Remote Code Execution via Calculated Questions.

22/07/2024 - Skyhigh Security Secure Web Gateway Advisory Released

New advisory released: Skyhigh Security Secure Web Gateway: Information Disclosure Due to Same Origin Policy Bypass on Block Page.

04/07/2024

On 10 July 2024, Alexander Neumann will give the lecture “Behind the Screens: Insights and Stories of Real-World Penetration Testing” in German at the IT Center of RWTH Aachen University. The lecture is public and takes place at 16:30 in the ITC lecture hall at Seffenter Weg 23.

13/06/2024

On 17 June 2024, Alexander Neumann will give a lecture at the Hasso Plattner Institut in Potsdam titled “Behind the Screens: Insights and Stories of Real-World Penetration Testing”. The slides are available for download under Talks.

04/04/2024

As of today, RedTeam Pentesting’s website is available in a new design. Your feedback is welcome.

02/04/2024

RedTeam Pentesting has a new member: Tobias Ferring reinforces the team as a new penetration tester.

17/01/2024

Alexander Neumann held the talk “Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt” at the event “Studierende treffen Alumni und Unternehmensexpert:innen” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.

03/01/2024

We’ve published a blog post about a vulnerability we discovered in Bitwarden at the beginning of 2023. It allowed accessing data from the vault without the password in certain circumstances.

07/11/2023

RedTeam Pentesting has two new members: Severin Schüller and Vincent Drury reinforce the team as new penetration testers.

11/10/2023

RedTeam Pentesting has a new member: Frederic Gorski reinforces the team as a new penetration tester.

11/10/2023

Our new blog post gives an overview of exploiting vulnerabilities in Ghostscript.

04/10/2023

On 2 October 2023 Jens Liebchen held the talk “Gezielter Ausnahmezustand – Penetrationstests” as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswerk. The German language slides are available for download under Publications.

12/07/2023

A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail.

05/06/2023

In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX.

30/05/2023

Several advisories for vulnerabilities in the open-source software Pydio Cells released: Unauthorised Role Assignments, Cross-Site Scripting via File Download, Server-Side Request Forgery.

09/05/2023

Today we released our newly developed program resocks. The accompanying blog post covers its usage and technical details.

12/04/2023

Our new blog post describes our approach to integrating our new printer into our office infrastructure while aiming to meet our specified security requirements.

10/02/2023

Jens Liebchen held the talk “Physical Security – Wenn Türen zu Firewalls werden” on 7 February 2023 at the Chair for IT Security Infrastructures of the Friedrich-Alexander-Universität Erlangen-Nürnberg. The German language slides are available for download under Publications.

18/01/2023

Alexander Neumann held the talk “Mitbringsel aus dem Alltag: Star Wars in der niedersächsischen Provinz” at the event “Studierende treffen Alumni und Unternehmensexperten” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.

04/11/2022

The German TV show WDR Lokalzeit Aachen reported about our work and our new office.

13/07/2022

Our new blog post introduces and covers common use cases of pretender, a new name resolution sidekick for relaying attacks.

13/06/2022

RedTeam Pentesting has a new member: Roman Karwacik reinforces the team as a new penetration tester.

20/12/2021

Our new blog post describes our approach to discover a backdoor in the Auerswald COMpact 5500R PBX.

14/10/2021

On 21 October 2021 Jens Liebchen will give the German language talk “IT-Sicherheit: Unterwegs zwischen zwei Welten” at 14:30 at the Technologiezentrum Aachen (powered by Techniker Krankenkasse). Register at konferenz@tza-aachen.de in order to participate. The 3G rule applies.

18/06/2021

On the German podcast Digital genial by proALPHA we talk about cyber crime and how companies can better protect themselves through penetration tests.

21/05/2021

Today we released our encryption solution for the reMarkable 2 ePaper tablet on GitHub. An additional blog post outlines our threat model and the development process.

04/05/2021

RedTeam Pentesting has a new member: Jan Kruse reinforces the team as a new penetration tester.

04/03/2021

Our new blog post discusses easily readable styling of program calls, using curl as an example.

22/02/2021

On 23 February 2021 Jens Liebchen will give the German language talk “(Un-)Sicherheit voraus” for the Rotary Club Aachen-Frankenburg.

25/01/2021

Keeping up the good tradition, Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 26 January 2021 in the context of the lecture “Angewandte IT-Sicherheit” at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (Chair for IT Security Infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg in the form of a video conference.

04/01/2021

RedTeam Pentesting has a new member: Peter Ott reinforces the team as a new penetration tester.

04/01/2021

Our third blog post deals with the exploitation of a PHP deserialization vulnerability, using the Yii PHP framework as an example.

02/12/2020

Our new blog post covers an introduction and common use cases for the tool monsoon which we developed.

02/11/2020

Today we released our new blog. The first post describes analysis and exploitation of a vulnerability in Apache Tomcat.

26/08/2020

RedTeam Pentesting can now be found on GitHub. Today the HTTP enumerator monsoon has been released.

16/06/2020

RedTeam Pentesting is hiring new employees to reinforce our teams! Further information can be found on our new career website (German only).

02/01/2020

RedTeam Pentesting has a new member: Lucas Vater reinforces the team as a new penetration tester.

28/10/2019

Keeping up the good tradition, Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 31 October 2019 in the context of the lecture “Angewandte IT-Sicherheit” at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (Chair for IT Security Infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg. Following the talk there will be a practical introduction to lock picking.

02/07/2019

On 5 July 2019 Jonas Lieb will give a talk about pentesting at the III. Physikalisches Institut B of the RWTH Aachen University in the context of the event Freitagsseminar.

19/06/2019

On 24 June 2019 Jonas Lieb will give the German language talk “Pentesting in der Praxis” at the practical Hacker training in the context of the bachelor of computer science at the Bonn-Rhein-Sieg University of Applied Sciences in Sankt Augustin.

17/05/2019

RedTeam Pentesting has a new member: Merlin Marek reinforces the team as a new penetration tester.

27/03/2019

Three new advisories concerning improperly fixed vulnerabilities in Cisco RV320 Dual Gigabit WAN VPN Routers released: Unauthenticated Configuration Export, Unauthenticated Diagnostic Data Retrieval and Command Injection.

23/01/2019

Three new advisories for Cisco RV320 Dual Gigabit WAN VPN Router released: Unauthenticated Configuration Export, Unauthenticated Diagnostic Data Retrieval and Command Injection.

02/01/2019

RedTeam Pentesting has a new member: Erik Geiser reinforces the team as a new penetration tester.

28/11/2018

On 4 December 2018 Alexander Neumann will give the German language talk “Sicherer Umgang mit Daten auf SSDs” at the IT-Sicherheitstag NRW by the IHK NRW. The German language slides are available for download under Publications.

25/10/2018

Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 30 October 2018 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (Chair for IT Security Infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg. Following the talk there will be a practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.

23/10/2018

On 25 October 2018 Alexander Neumann will give the German language talk “Sicheres Löschen von Daten auf SSDs” at the practical Hacker training in the context of the bachelor of computer science at the Bonn-Rhein-Sieg University of Applied Sciences in Sankt Augustin.

05/10/2018

Jens Liebchen was interviewed for the article “In fremder Hand” by the IHK Aachen.

25/09/2018

At the event “Mit Sicherheit! - Offener Austausch und Diskussion mit IT-Sicherheitsexperten” by the IHK Aachen on 11 October 2018 Jens Liebchen will answer your questions about IT security. Participation is free after registration.

13/08/2018

On the weekend of 25 August - 26 August 2018, RedTeam Pentesting will again be present with a booth as a gold sponsor at FrOSCon in Bonn/St. Augustin. RedTeam Pentesting is always looking for new employees; we are happy to talk to you in person!

23/05/2018

On 23 May 2018 Alexander Neumann will give the German language talk “Sicheres Löschen von Daten auf SSDs” at the 8. IT-Forensik Workshop at the FH Aachen.

08/03/2018

New security advisory released: rt-sa-2018-001: Arbitrary Redirect in Tuleap.

01/03/2018

RedTeam Pentesting has a new member: Jonas Lieb reinforces the team as a new penetration tester.

13/02/2018

RedTeam Pentesting has a new member: Yvonne Breuer reinforces the team as a new penetration tester.

15/01/2018

New security advisory released: rt-sa-2017-013: Truncation of SAML Attributes in Shibboleth 2.

15/11/2017

On 16 November 2017 Alexander Neumann will give the German language talk “Sicheres Löschen von Daten auf SSDs” at the 41. DAFTA in Cologne.

26/10/2017

Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 26 October 2017 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg. Following the talk there will be a practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.

17/10/2017

RedTeam Pentesting has a new member: Daniel Küppers reinforces the team as a new penetration tester.

17/08/2017

As gold sponsor RedTeam Pentesting has a booth at FrOSCon in Bonn/St. Augustin next weekend (19 August - 20 August 2017). Alexander Neumann will give the presentation “Sicheres Löschen von Daten auf SSDs” (German) at 10:00 am on Saturday in room HS1.

17/05/2017

On 19 May 2017, RedTeam Pentesting presents itself at the “ITS.Connect 2017” in Bochum and shares insights into the day-to-day work of a penetration tester.

24/04/2017

RedTeam Pentesting is nominated for the AC² Regional Innovation Award 2017. The winner will be announced on June 1st in the coronation chamber of Aachen City Hall.

11/04/2017

Till Maas writes in the article “Aus der Praxis: Wie man einen Multifunktionsdrucker absichert” on the German website Heise Business Services about experiences with securing a multi-function printer.

06/04/2017

Patrick Hof represents RedTeam Pentesting at the G20 Multi Stakeholder Conference “Digitalisation: Policies for a Digital Future”.

09/03/2017

NRW.INVEST presents RedTeam Pentesting’s company profile in the magazine “Movers & Shakers in NRW” as one of the leading companies in their business.

24/02/2017

RedTeam Pentesting is excited to support the FrOSCon in Bonn/St. Augustin this year as gold sponsor. See you there!

30/01/2017

Follow RedTeam Pentesting on Twitter to get the latest updates about RedTeam and the IT-security world!

16/12/2016

On 19 December 2016, Patrick Hof will give a guest lecture with the title “Operating Systems Security And Why It (Mostly) Doesn’t Matter” in the module Operating Systems Security at Radboud Universiteit Nijmegen.

17/11/2016

On 11/07/16, the German TV station WDR showed in its Servicezeit program a report with RedTeam Pentesting about a vulnerability in the AVM FRITZ!Box firmware which allowed attackers to initiate phone calls on behalf of the owner of the FRITZ!Box.

24/10/2016

Jens Liebchen will give the talk “Alles wird gut? Über Menschen, Angreifer & die Zukunft” (Everything will be fine? About humans, attackers and the future) on 2 November 2016 at the Leetcon.

24/10/2016

Alexander Neumann will give the talk “Daten löschen, aber richtig - über die Besonderheiten von SSDs” (Deleting data the right way - about the specialities of SSDs) on 2 November 2016 at the Leetcon.

17/10/2016

Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 20 October 2016 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg. Following the talk there will be a practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.

10/10/2016

The Handelsblatt reports in the article “Der Hacker als Helfer” about RedTeam Pentesting.

11/05/2016

The slides of the talk “Penetration Tester – Click Monkey or Creative Hacker?”, held by Sebastian Chrobak at the Security Lab 2016 of the Research Group IT-Security of the RWTH Aachen University, are now available in the publications section.

26/04/2016

The slides of the talk “Was Dein ist, ist Mein – Datensicherheit aus der Angreiferperspektive”, held by Jens Liebchen on the occasion of the World Intellectual Property Day at the TZ Aachen, are now available in the publications section.

25/04/2016

Today, the article “Immer auf der Suche nach Schwachstellen” about RedTeam Pentesting’s work was published in Aachener Zeitung (Issue 25. April 2015, Page 6). It is also available online (AZ).

24/03/2016

The state of North Rhine-Westphalia has awarded RedTeam Pentesting for its outstanding performance as a “worldwide market leader specialized in penetration testing” as part of the campaign GERMANY AT ITS BEST. A certificate issued by the state’s ministry for economic affairs is available for download.

22/03/2016

New security advisory released: Cross-site Scripting in Securimage 3.6.22

15/02/2016

At 2 p.m. on 17 February 2016, Jens Liebchen will be part of an expert panel in the (German language) live webcast “Sind Ihre Drucker ausreichend gegen Angriffe geschützt?” of heise Business Services. The panel will discuss the role that printers and multi-function peripherals play for the IT security of businesses. Participants are required to register prior to the event.

26/01/2016

On 6 February, Till Maas will give the talk “Let’s Encrypt with Best Practices” at the DevConf.cz conference in Brno, Czech Republic.

08/01/2016

New security advisory released: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials

04/01/2016

RedTeam Pentesting has a new member: Philip Huppert reinforces the team as a new penetration tester.

16/12/2015

On 21 December, Sebastian Chrobak and Jens Liebchen will give a talk about physical security and host a subsequent discussion concerning IT security in practice. The talk and discussion will take place in context of the lecture IT Security 1 of the Research Group IT-Security at the RWTH Aachen University.

30/11/2015

Today’s issue 231 of the German Handelsblatt contains the article “Wo ist die Schwachstelle?” that quotes Jens Liebchen, CEO of RedTeam Pentesting GmbH.

06/11/2015

RedTeam Pentesting has a new member: David Brown reinforces the team as a new penetration tester.

08/10/2015

New security advisory released: rt-sa-2015-006: Buffalo LinkStation Authentication Bypass

18/08/2015

The slides from the talk “Security Threats at Conferences”, held at the Flock 2015 conference in Rochester, NY, USA are now available in the publications section.

06/08/2015

We are happy to be able to support the city of Aachen’s campaign “Wussten Sie schon, dass…” in promoting the Technology Region Aachen. Our contribution can be found on the website of the city of Aachen, or on our own website as a PDF document or as an image file.

27/07/2015

On 12 August, Till Maas will give the talk “Security Threats at Conferences” at the Fedora Contributor Conference in Rochester, NY, USA.

15/06/2015

New security advisory released: rt-sa-2015-002: SQL Injection in TYPO3 Extension Akronymmanager

08/06/2015

On 18 June, Hanno Heinrichs will give the (German language) talk “Your Home is my Castle” at the Cryptoparty organised by the Fachschaft Mathematik/Physik/Informatik of RWTH Aachen University.

08/06/2015

On 8 July RedTeam Pentesting will present itself at the bonding CyberDay 2015 in Aachen. Jens Liebchen will also give the (German language) talk “Beruf: Hacker” which will give an insight into the work as a penetration tester.

26/05/2015

The Audit Challenge conference for audit methodology will take place in Frankfurt from 8 until 12 June. Thursday the 11th will host presentations and discussions on the topic of fraud investigation and prevention. RedTeam Pentesting will give a presentation and will take part in a panel discussion on prevention measures relevant to Industry 4.0.

10/03/2015

On 18 March, Patrick Hof will give the (German language) talk “Achtung, Unfall voraus…?” on IT security in public transport companies at the itcs seminar of the year 2015 “Innovationen rund um die Echtzeit” by the VDV.

10/02/2015

On 25 February 2015, Jens Liebchen will be at the 22. DFN-Konferenz “Sicherheit in vernetzten Systemen” in Hamburg, discussing success factors for good penetration tests based on his practical experience as a penetration tester. The language of the talk will be German.

21/01/2015

New security advisory released: rt-sa-2014-010: AVM FRITZ!Box Firmware Signature Bypass

03/12/2014

The (German) slides from the talk “Angriff zur Verteidigung – Erfolgsfaktoren für gute Penetrationstests”, held at the IT-Sicherheitstag NRW in Hagen are now available in the publications section.

01/12/2014

New security advisory released: rt-sa-2014-012: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
The vulnerability enables attackers to fully compromise the application servers that host the mobile device management components and therefore most likely also all devices managed through the solution.

07/10/2014

On 10 December 2014 Patrick Hof will give a live interview at the 2. SZ-Fachkonferenz: Versicherung und Internet on the topic “Hackerangriffe – wie die Profis vorgehen: Wo liegen die größten Sicherheitslücken?”. The language of the interview will be German.

07/10/2014

On 3 December 2014 Jens Liebchen will give a talk at the IT-Sicherheitstag NRW on the topic “Angriff zur Verteidigung - Erfolgsfaktoren für gute Penetrationstests”. The language of the talk will be German.

06/10/2014

RedTeam Pentesting has a new member: Hanno Heinrichs reinforces the team as a new penetration tester.

27/05/2014

On 17 June 2014 Jens Liebchen will give the talk “Multifunktionsdruckgeräte und IT-Sicherheit: Ein Erfahrungsbericht” at the VDE Regio Aachen course of lectures on IT security. The talk will be held in the lecture room FT of the RWTH Aachen (Melatener Str. 23-25, 52074 Aachen). There is no entrance fee and visitors are explicitly welcome. The language of the talk will be German.

13/05/2014

The new category testimonials contains anonymised customer statements about RedTeam Pentesting’s services. The testimonials displayed are rotated on a regular basis, to provide a comprehensive picture.

05/05/2014

RedTeam Pentesting has a new member: Sebastian Neumann reinforces the team as a new penetration tester.

13/01/2014

On 16 January, Patrick Hof will give the (German language) talk “IT-Sicherheit und Kryptographie in der Praxis” at the Cryptoparty organised by the Fachschaft Mathematik/Physik/Informatik of RWTH Aachen University.

24/10/2013

On invitation by the GDD Jens Liebchen will give a talk titled “Jailbreaking Your MFP for more Security - MFPs, sensible Druckdaten und IT-Sicherheit: Ein Erfahrungsbericht” at the 37. Datenschutzfachtagung (DAFTA) held in Cologne from 14 to 15 November 2013.

24/10/2013

On 29 November 2013 Jens Liebchen will give the talk “Jailbreaking Your MFP for more Security - MFPs, sensible Druckdaten und IT-Sicherheit: Ein Erfahrungsbericht” at the computing centre of the RWTH Aachen University. The talk will take place in the lecture room of the Rechenzentrum from noon to 2pm. External visitors are explicitly welcome. After the talk there will be room for an interactive session and open discussion. The language of the talk will be German.

10/10/2013

Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 25 October 2013 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg. Following the talk there will be a practical introduction to lock picking. RedTeam Pentesting is glad to be able to support the University with a presentation and practical expertise again.

09/09/2013

RedTeam Pentesting is happy to sponsor the capture the flag contest “rwthCTF 2013” of RWTH Aachen University’s Research Group IT Security. The CTF starts on 9 November at 2pm (CET) and ends on 10 November at 2am.

19/07/2013

By 31 July 2013, Claus R. F. Overbeck will leave RedTeam Pentesting GmbH. This step was meticulously prepared over the last six months. With the familiar executives Patrick Hof and Jens Liebchen, RedTeam Pentesting GmbH’s team will continue to offer penetration tests in the established high quality.

01/07/2013

RedTeam Pentesting has a new member: Lukas Kupczyk reinforces the team as a new penetration tester.

16/05/2013

On 25 May 2013, Jens Liebchen will give the talk “Jailbreaking Your MFP for More Security” at the LinuxTag 2013 in Berlin. The talk was already given with much success at the 20. DFN Workshop in February.

01/03/2013

The German magazine “Wirtschaftliche Nachrichten” of the IHK Aachen reports in the article “Angriff auf Abruf” about the work as penetration tester at RedTeam Pentesting.

20/02/2013

The (German) slides for the talk “Jailbreaking Your MFP for More Security” given by Jens Liebchen at the 20. DFN-Workshop “Sicherheit in vernetzten Systemen” are available in the publications section.

22/01/2013

Today Stella Peters of eldoradio* (a German radio station) interviewed Jens Liebchen about penetration tests and job trainings for penetration testers. The German interview will be aired on 01/23/2013 and will be available as a podcast afterwards.

08/01/2013

RedTeam Pentesting has a new member: Benjamin Grap reinforces the team as a new penetration tester.

08/01/2013

On 20 February 2013, Jens Liebchen of RedTeam Pentesting will hold the talk “Jailbreaking Your MFP for More Security” at the 20. DFN-Workshop “Sicherheit in vernetzten Systemen” in Hamburg. The talk will cover the pitfalls of purchasing and operating MFPs (multi-function printer) in sensitive environments and will highlight some creative ways of avoiding or remedying them.

07/11/2012

RedTeam Pentesting is happy to sponsor the capture the flag contest “rwthCTF 2012” of RWTH Aachen University’s Research Group IT Security. The CTF starts on 30 November at 2pm (CET) and ends on 1 December at 2am.

18/10/2012

Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 30 October 2012 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg. RedTeam Pentesting is glad to be able to again support the University with a presentation and practical expertise.

10/10/2012

Patrick Hof was interviewed by the Deutsche Welle for their online article “Cyber attacks turn into a business model” about distributed denial of service (DDoS) attacks against banking IT.

03/09/2012

Open positions for penetration testers! More information in the new career section.

21/06/2012

The (German) slides for the talk “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen” given by Patrick Hof at the ESMT Management Update 2012 are available in the publications section.

26/04/2012

The (German) slides for the talk “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen” given at IHK Aachen are available in the publication section.

05/04/2012

On 25 April 2012 Jens Liebchen will hold a lecture at the Technologieforum IT & Telekommunikation “Datensicherheit – Wie schütze ich mein Unternehmen” at the IHK Aachen with the topic “Sicherheit und Industriespionage – Von technischen und menschlichen Schwächen”. Attendance is free, but registration at IHK Aachen is required. The lecture will be held in German.

31/03/2012

Jens Liebchen gave an interview to the German online magazine “All About SECURITY” about the topic “Welche Argumente lassen sich für die Begründung eines Pentests heranziehen?” (good reasons for penetration tests).

29/02/2012

The slides and paper for the talk “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten” given by Alexander Neumann on February 22nd, 2012 at the 19. DFN-Workshop “Sicherheit in vernetzten Systemen” can be found in the publications section.

13/02/2012

On 22 February 2012, Alexander Neumann will give the talk “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten” about the risks of using URL shortening services at the 19th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the second workshop day, 9:30am.

30/11/2011

Jens Liebchen was interviewed by the radio station DRadio Wissen for the news item “Bundesweiter Penetrationstest” about the German crisis management exercise LÜKEX (Länder Übergreifende Krisenmanagement-Übung) 2011.

24/11/2011

Claus Overbeck was interviewed by the German magazine Wirtschaftswoche for the article “Lautlose Attacken aus dem Netz”.

26/10/2011

Jens Liebchen will give the talk “Physical Security - Wenn Türen zu Firewalls werden” on 8 November 2011 at the Lehrstuhl für IT-Sicherheitsinfrastrukturen (chair for IT security infrastructures) of the Friedrich-Alexander-Universität Erlangen-Nürnberg and on 5 December 2011 at the Fachhochschule Aachen in the course Informationssicherheit (information security). RedTeam Pentesting is glad to be able to again support Universities with a presentation and practical expertise.

04/10/2011

RedTeam Pentesting has a new member: Matthias Lederhofer reinforces the team as a new penetration tester.

28/09/2011

The fluter Magazine of the German Federal Agency for Civic Education cites Patrick Hof on the topic of penetration tests in the article “Krieg oder Cyberprotest”.

23/09/2011

Issue 05/2011 of ADMIN Magazine will include the English translation of an article about physical security written by RedTeam Pentesting that was already published in the German edition. Release dates are October 7 for the EU, November 11 for the US and December 12 for the Australian edition.

14/09/2011

Jens Liebchen answers questions about online banking security today at 6:20pm for the German TV show WDR Servicezeit.

13/09/2011

RedTeam Pentesting is using a new telephone number. From now on you can reach RedTeam Pentesting via phone at +49 241 510081-0 or via fax at +49 241 510081-99. We are looking forward to your call!

26/07/2011

On August 5 2011 at 2:00pm, Alexander Neumann will give a talk about “Exploiting Padding Oracles in Practice” at the IT Security Research Group (in the seminar room) of RWTH Aachen University. Everybody is welcome to join the free talk, though cryptographic knowledge is needed. The talk will be given in German.

13/07/2011

In the current edition of the German magazine ADMIN-Magazin an article about physical security written by RedTeam Pentesting was published.

05/07/2011

Patrick Hof talks about risks of online banking today at 5:30pm in Das Sat.1 Magazin.

14/06/2011

On July 1st, Patrick Hof will hold the workshop “Aktuelle Fälle von Datendiebstahl und wie sie grundsätzlich funktionieren - Hintergrundwissen für Journalisten” at the Netzwerk Recherche’s Jahreskonferenz 2011 in Hamburg.

08/06/2011

Jens Liebchen comments on new security measures for online banking for the German TV station n-tv. The interview will be aired on June 10, 2011.

17/05/2011

On May 26 2011, Alexander Neumann will give a talk about “Security and Privacy Implications of URL Shortening Services” at the IEEE Symposium on Security and Privacy in the workshop part Web 2.0 Security and Privacy 2011 (W2SP) in Oakland, California.

19/04/2011

RedTeam Pentesting demonstrates for the German TV show MDR Umschau how easily unauthorised persons can break into hotel rooms.

18/04/2011

Claus Overbeck of RedTeam Pentesting talked about penetration testing in the interview “Wir brechen tagtäglich ein” with the German WirtschaftsWoche.

31/03/2011

RedTeam Pentesting has a new member: Angel Tchorbadjiiski reinforces the team as a new penetration tester.

26/02/2011

Jens Liebchen of RedTeam Pentesting was interviewed for the German article “Das Handy als Autoschlüssel oder Kreditkarte” by the WDR and talks about near field communication.

21/02/2011

Jens Liebchen of RedTeam Pentesting was interviewed for the German article “Banken schaffen TAN-Listen ab” by the WDR and talks about new and old risks of online banking.

18/02/2011

Jens Liebchen held the talk “Physical Security - Wenn Türen zu Firewalls werden” at the 18th DFN Workshop. The slides from the talk can be found in the publications section.

09/02/2011

A video of Claus Overbeck’s talk about “Ten Commandments of IT-Security for WEB 2.0 Startups” is now available at the HackFwd Blog and on Vimeo.

26/01/2011

On February 10th, RedTeam Pentesting will give the talk “Physical Security - Wenn Türen zu Firewalls werden” about physical security and its relation to IT security at the 18th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the second workshop day, 10:00am.

10/12/2010

Claus Overbeck held a talk about “Ten Commandments of IT-Security for WEB 2.0 Startups” at the HackFwd Build 0.4. The slides from the talk can be found in the publications section.

12/11/2010

Jens Liebchen of RedTeam Pentesting was interviewed for the report “Gefahr durch Industriespionage” of the WDR programme WESTPOL. It will be part of the show broadcast on November 14, 2010, at 7:30pm.

22/09/2010

On September 2010, RedTeam Pentesting will give the lightning talk “Forgotten JBoss AS exploitation techniques” at the BruCON security conference in Brussels.

20/08/2010

On August 31, 2010 RedTeam Pentesting will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” at the event Praktische IT-Sicherheit, Hochschule Bonn-Rhein-Sieg.

12/07/2010

The slides plus link collection for the workshop “Un(der)cover - Von der Online-Recherche hin zur gezielten Generierung neuer Informationsflüsse”, held at the Netzwerk Recherche’s annual conference 2010 in Hamburg, are now available under Publications.

06/07/2010

On July 9th, RedTeam Pentesting will hold the workshop “Un(der)cover - Von der Online-Recherche hin zur gezielten Generierung neuer Informationsflüsse” at the Netzwerk Recherche’s Jahreskonferenz 2010 in Hamburg.

18/06/2010

RedTeam Pentesting will be present at the Informatica 2010 in Aachen on June 25th, 2010. More information is available in Regina e.V.’s program schedule (German).

15/06/2010

As of now, a new information page about JBoss Security is available. It also contains the new whitepaper “JBoss AS - Deploying WARs with the DeploymentFileRepository MBean” and scripts for download.

13/04/2010

On April 21, 2010 RedTeam Pentesting GmbH will present the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” (in German) at the Bachelor-Vertiefungspraktikum zur Hackertechnik of the Chair for Network and Data Security, Ruhr-Universität Bochum.

07/04/2010

RedTeam Pentesting GmbH will be presenting the talk “Peeking into Pandora’s Bochs - instrumenting a full system emulator to analyse malicious software” at the Hackito Ergo Sum IT security conference in Paris (April 08th-10th 2010).

05/02/2010

On February 9th, RedTeam Pentesting will give the talk “Emulationsbasiertes Entpacken von laufzeitgepackten Schadprogrammen und darüber hinaus” about emulation based unpacking of runtime packed malware at the 17th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the first workshop day, 4:15pm.

27/01/2010

Three new advisories released: Security vulnerabilities in the Geo++(R) GNCASTER NTRIP Caster.

24/11/2009

The paper “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System” is now also available in English.

20/11/2009

RedTeam Pentesting examined the online banking systems iTAN and chipTAN comfort and devised attacks against them for the German TV magazine Planetopia on SAT1. The results will be shown on November 22nd, 2009 at 10:45pm. Full details about all attacks will be published on Monday, November 23rd, 2009 under Publications.
[Update] The video “Vorsicht beim Online-Banking – Wie unsicher ist die neue chipTAN?” can now be watched on the Planetopia website.
[Update] The video is not available anymore.

02/11/2009

RTL Télé Lëtzebuerg published a short report about hack.lu 2009, including a part about RedTeam Pentesting GmbH.

02/11/2009

The (German) article “Ubiquitous Security – ganz gewöhnliche Angriffsvektoren”, published by SearchSecurity.de is now listed in the “press” section. The article contains commentary by Jens Liebchen of RedTeam Pentesting GmbH.

30/10/2009

While attending the hack.lu security conference in Luxembourg, RTL Télé Lëtzebuerg did a short interview with RedTeam Pentesting. It is scheduled to be shown during today’s evening news “De Journal” at 19:30. You can watch it at the RTL Livestream.

23/10/2009

RedTeam Pentesting GmbH will be presenting the talk “Peeking into Pandora’s Bochs - instrumenting a full system emulator to analyse malicious software” at the hack.lu IT security conference in Luxembourg (October 28th-30th 2009).

10/08/2009

New advisory: Authenticated arbitrary code execution in Papoo CMS.

28/07/2009

RedTeam Pentesting will present the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” at FrOSCon. FrOSCon is a two-day conference about Free Software and Open Source.

03/06/2009

The Whitepaper of the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” is now available at the Publications page. It contains detailed descriptions of the attacks presented in the talk.

02/06/2009

On June 17th 2009, RedTeam Pentesting will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” (German) at the IHK Aachen. The event is held together with the Verfassungsschutz NRW and the Landesinitiative secure-it.nrw. The central theme of the talk will be examples from penetration tests and real cases of industrial espionage, which point out surprising risk factors.

14/05/2009

As of today, RedTeam Pentesting’s website is available in a new design. Following this update, the contents will also be expanded and updated over time.

05/05/2009

Four advisories concerning the IceWarp eMail Server released.

04/05/2009

On May 19th 2009, RedTeam Pentesting will give the talk “Bridging the Gap between the Enterprise and You - or - Who’s the JBoss now” at the Center for Computing and Communication of RWTH Aachen University. Because of the available time, all attacks can be demonstrated live. Participation is free for everyone interested, only a registration is required.

04/05/2009

On May 8th 2009, RedTeam Pentesting is represented with a booth at the 25th anniversary celebrations of the Technology Centre Aachen. Amongst other things, RedTeam Pentesting will show how to eavesdrop on DECT telephones. Visitors are encouraged to bring their own telephones, which will then be examined on-site.

06/04/2009

RedTeam Pentesting has a new member: Alexander Neumann reinforces the team as a new penetration tester.

06/04/2009

Euregio aktuell mentions RedTeam Pentesting in their article “Europäische Tagung in Aachen” (European conference in Aachen), which happened in the context of the EU project FIN-URB-ACT.

09/03/2009

The slides from the talk “Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen” held at the security day of the open source forum at the CeBIT are now online.

27/02/2009

On March 04, 2009 RedTeam Pentesting will give a talk at the EiPSI Seminar of the Eindhoven University of Technology with the title “Practical Security and Crypto: Why Mallory Sometimes Doesn’t Care”.

27/02/2009

On March 06, 2009 RedTeam Pentesting will give a talk at the CeBIT with the title “Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen” (in German) at the Open Source forum’s security day. The German Linux Magazine will also do a live streaming of the event.

09/02/2009

On 17th/18th February 2009, RedTeam is attending the IT Security Gipfel 16 in Berlin.

16/01/2009

On January 22nd, 2009, RedTeam Pentesting will give the talk “IT-Security in Theorie und Praxis” at the IHK Arnsberg.

05/01/2009

On March 17th, RedTeam Pentesting will give the talk “Bridging the Gap between the Enterprise and You” about vulnerabilities in JBoss AS installations at the 16th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg. The talk will be on the first workshop day, after the keynote.

02/01/2009

The Gründerregion Aachen interviewed RedTeam Pentesting about the risks of Web 2.0 technologies for issue 3/2008 of their news journal “Gründerzeitung”.

20/10/2008

RedTeam Pentesting is taking part in the IT Security Gipfel 15 in Berlin.

20/10/2008

RedTeam Pentesting will give a talk titled “Bridging the Gap between the Enterprise and You” at the security conference hack.lu 2008 on 23rd October. The talk covers typical vulnerabilities of JBoss installations and their exploitation.

09/10/2008

RedTeam Pentesting has grown substantially and moved to new premises within the Aachen Technology Centre. Telephone and Fax numbers remain the same.

19/09/2008

On September 24, RedTeam Pentesting will give a (German language) talk titled “IT-Security in Theorie und Praxis - Über ‘harmlose’ Geräte und andere Denkfehler” at the event “Brennpunkt IT-Sicherheit: Risiken - Strategien - Konzepte” at the Technologiezentrum am Europaplatz in Aachen.

13/06/2008

Stern.de published an article (German) about vulnerabilities that RedTeam Pentesting demonstrated in cooperation with the Independent Centre for Privacy Protection Schleswig-Holstein (ULD).

02/06/2008

In collaboration with the Independent Centre for Privacy Protection Schleswig-Holstein (ULD), RedTeam Pentesting revealed security vulnerabilities in MFPs (Multi Function Peripherals) on behalf of the German TV show ZDF Frontal21. The show airs on June 3rd at 9:00pm.

29/04/2008

The slides of the talk “Penetration Testing - Praxis and Beyond” at the working group Security of the German-speaking Bull User Society are now online.

25/03/2008

On 03/26/08, the German TV station WDR shows a report with RedTeam Pentesting about the dangers of online banking in its Servicezeit Familie program.

19/03/2008

At the Sicherheit 2008 (2nd-4th of April 2008) conference we will be giving a talk about a graph-theoretic approach to estimating costs of penetration tests. As a sponsor of the conference we will also be present with a booth.

11/03/2008

Two advisories concerning MapBender released.

21/01/2008

The German print magazine Focus Magazin publishes a cover story about online banking security in issue 04/2008. RedTeam Pentesting has given an interview.

14/01/2008

Claus Overbeck will give a talk about efficient observation of botnets at the 15th DFN Workshop “Sicherheit in vernetzten Systemen”.

22/10/2007

The slides from the talk “Botspy - Efficient Observation of Botnets” at the hack.lu security conference are online.

26/09/2007

RedTeam Pentesting will hold a workshop (in German) on 09/29/07 with the topic “Effektive Onlinerecherche im Internet” (effective online research in the Internet) at the “Zukunftskongress Ethik 2.0 - Schöne neue Online-Welt?” of the Journalistenverband Baden-Württemberg and the DJV-Bundesfachausschuss Online.

17/09/2007

Remote command execution in Alcatel-Lucent OmniPCX

30/07/2007

All About Security has published a (German) interview with RedTeam Pentesting.

13/07/2007

Four advisories concerning ActiveWeb Contentserver CMS released.

21/03/2007

The slides from the German talk at the IHK Aachen (Chamber of Industry and Commerce in Aachen) can be downloaded in the publications area.

07/03/2007

RedTeam Pentesting will support the event called “IT-(Un-)Sicherheit - Augen zu und durch? Oder Penetrationtests durchführen lassen” organized by the German Chamber of Industry and Commerce in Aachen on 03/21/07.

07/02/2007

The slides from the German talk “IT-Security aus dem Nähkästchen - oder - »Das kann mir nicht passieren…«” are available for download in the publications section.

01/02/2007

On February 7th - 8th, there will be a German IT security conference called 14. Workshop “Sicherheit in vernetzten Systemen” in Hamburg. RedTeam Pentesting will give a talk titled “IT-Security aus dem Nähkästchen - oder - Das kann mir nicht passieren…” there.

12/12/2006

New article in the German magazine “Der EDV-Leiter” published. The article is available for download here (German PDF).

06/11/2006

On December 8th, RedTeam Pentesting will give a talk about pentesting. This will take place in the context of the event “IT-Security as a guarantee for success” at the AGIT, organized by ACC-EC.

20/10/2006

RedTeam Pentesting held a talk at the Hack.lu 2006 about the cryptochallenge of the Hack.lu 2005. The slides can be downloaded under publications.

12/10/2006

RedTeam supports the NRW-Forschungstag IT-Sicherheit. Besides the manifold talks there is a dedicated area with selected exhibitors. The event aims especially at a better co-operation between science and economy and takes place on Wednesday, October 25th, in Aachen. There is no entrance fee.

12/09/2006

The German radio station Eins Live did an interview with RedTeam covering the subjects IT security in research and teaching as well as the experience of our daily work. There is an accompanying article in German available under the title “Hacken lernen in Aachen” (“learning to hack in Aix-la-Chapelle”).

31/08/2006

The slides from the presentation at the OpenChaos can now be found under publications.

29/08/2006

The news article “Studieren in der Grauzone” is linked under press. Die Zeit reports on the world’s best hackers from Aachen.

24/08/2006

The Chaos Computer Club Cologne e.V. (C4) invited RedTeam to give a talk within their OpenChaos events. The talk with the topic “Hacking for Security - Penetrationtests” will take place on Thursday, August 31st, 08:00 pm local time on the premises of the C4 and is open for everyone. The talk will be held in German.

20/07/2006

Vulnerable regular expression in planetGallery discovered.
rt-sa-2006-006: Remote command injection

15/06/2006

Two new security advisories regarding phpBannerExchange released. Especially interesting is the circumvention of the eregi() input checking using a null byte in rt-sa-2006-005, which is possible because of a design flaw in PHP.
rt-sa-2006-004: Authentication bypass in phpBannerExchange
rt-sa-2006-005: Unauthorized password recovery in phpBannerExchange

22/05/2006

Podcast Clients: Two new advisories released: Prodder Remote Arbitrary Command Execution & Perlpodder Remote Arbitrary Command Execution

20/04/2006

Added more information about PenTests

22/02/2006

In cooperation with the Center for Computing and Communication of RWTH Aachen University, RedTeam will repeat the speech about penetration tests on March 6th at 02:00 pm because of the great demand. The event titled “Hacking for your Security - Penetrationtesting - reloaded” will be in German again and the registration has just started.