Other Publications
Slides and paper for the talk “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten”, given on Februar 22nd, 2012 at the 19. DFN-Workshop “Sicherheit in vernetzten Systemen”.
Information page about JBoss security with new whitepaper “JBoss AS – Deploying WARs with the DeploymentFileRepository MBean”.
Video of the talk “Bridging the Gap between the Enterprise and You – or – Who’s the JBoss now”, held at the Bachelor-Vertiefungspraktikum zur Hackertechnik of the Chair for Network and Data Security, Ruhr-Universität Bochum.
RedTeam Pentesting has developed proof of concept code to exploit the vulnerability in the TLS protocol that was published in the beginning of November 2009.
Whitepaper for the talks “Bridging the Gap between the Enterprise and You – or – Who’s the JBoss now”, held at hack.lu 2008, the 16th DFN-CERT Workshop and at RWTH Aachen University. The Whitepaper contains detailed descriptions of the attacks presented in the talks.
ChipTAN comfort is a new system that uses a trusted device to securely authorise transactions in online banking. RedTeam Pentesting has examined chipTAN comfort and was able to discover some vulnerabilities in this new system.
Whitepaper for the talk “Bridging the Gap between the Enterprise and You – or – Who’s the JBoss now”, held at hack.lu 2008, the 16th DFN-CERT Workshop and at RWTH Aachen University. The Whitepaper contains detailed descriptions of the attacks presented in the talk.
Paper from the talk “Iterative Kompromittierungsgraphverfeinerung als methodische Grundlage für Netzwerkpenetrationstests”, held at the Sicherheit 2008 security conference in Saarbrücken. The paper was published in the series “Lecture Notes in Informatics” in volume P-128 (ISSN 1617-5468, ISBN 978-3-88579-222-2).
Jens Liebchen reports about practical experiences doing penetration tests in an article in the german journal “Der EDV-Leiter”.
An article discussing the ideas and procedures of a penetration test, written for MISC (Multi-System & Internet Security Cookbook), a technical magazine about IT-Security.
Press release regarding the introduction of the iTAN system by many german online banks. The release points out the false security promises of the banks and outlines a Man-in-the-Middle attack, showing how it is still possible for phishers et al to get your account data. More articles and references can be found under Press.