{ Tag Archives } pentest

New Advisories: Multiple Vulnerabilities in Geo++(R) GNCASTER

RedTeam Pentesting published three new advisories today. During a pentest, we found security vulnerabilities in the Geo++(R) GNCASTER NTRIP Caster:

RT-SA-2010-001: Insecure handling of long URLs
RT-SA-2010-002: Insecure handling of NMEA-data
RT-SA-2010-003: Faulty implementation of HTTP Digest Authentication

All vulnerabilities have been fixed by the vendor in version 1.4.0.8, so if you happen to run this software, please update [...]

Why Teamwork Matters

I have already mentioned in this blog post that there’s always standard stuff you have to do in a pentest. Finding all the standard security issues is important for the completeness of the pentest and should never be neglected. You will look rather stupid if you find the remote root exploit that can only be [...]

Tidy up! Your web app looks like a hog house!

When you’re doing a lot of pentests, you have your standard procedures on how to approach a new test. There is of course always the creative approach, finding the unusual bugs and vulnerabilities, the whole “thinking outside the box” thing. But let’s be honest: A thorough pentest is not all fun and games. There’s also [...]

Rent a Hacker

“Hi, my name is John Doe.”
“Hi John.”
“I work for company X. We are currently planning a penetration test for company Y and need some good pentesters for this. Are you interested?”
“Well, sure. So you want RedTeam Pentesting to conduct a pentest for your client?”
“No, we just need one of your pentesters. He’ll be working under [...]

RedTeam Reinforcements

We are happy to announce that as of April, a new member is reinforcing our pentesting team. Alexander Neumann[0] is the new man on board who will live the glorious life of a penetration tester: Working night shifts, not getting your exploits to work, abusive use of caffeine, finding the final vulnerability to root the [...]

Job Security

A new customer, about some experiences with other companies:

“Well, sometimes they find five vulnerabilities and report only four, so they have something ready for the next time.”

This is something that always bothers me, this attitude that a pentest is only successful if you can show new vulnerabilities. If we test a system for a second [...]
