Advisories

rt-sa-2024-009: Moodle: Remote Code Execution via Calculated Questions

rt-sa-2024-008: WatchGuard SSO Client Denial-of-Service

rt-sa-2024-007: WatchGuard SSO Agent Telnet Authentication Bypass

rt-sa-2024-006: WatchGuard SSO Protocol is Unencrypted and Unauthenticated

Additionally to penetration tests, RedTeam Pentesting conducts research in the area of IT security. Penetration tests may also yield interesting security flaws for the public. After consulting with the customer, those will be published, too, as long as the security of the customer is not compromised. A list of all published security advisories can be found here.

Talks

17/06/2024 - Behind the Screens: Insights and Stories of Real-World Penetration Testing, Hasso Plattner Institute

Slides from the talk, held at the event “Recent Topics in Cybersecurity” at the Hasso Plattner Institute.

16/01/2024 - Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt, Studierende treffen Alumni und Unternehmensexpert:innen, FH Aachen University of Applied Sciences

Slides from the talk “Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt”, held at the event “Studierende treffen Alumni und Unternehemensexpert:innen” at the FH Aachen University of Applied Sciences.

02/10/2023 - Gezielter Ausnahmezustand - Penetrationstests

Slides from the talk “Gezielter Ausnahmezustand – Penetrationstests” held as introduction for a discussion as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswer k.

Other Publications

29/02/2012 - “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten”, Slides, 19. DFN-Workshop „Sicherheit in vernetzten Systemen”

Slides and paper for the talk “Theoretische und praktische Risiken der Verwendung von URL-Verkürzungsdiensten”, given on Februar 22nd, 2012 at the 19. DFN-Workshop “Sicherheit in vernetzten Systemen”.