
{ Category Archives } Fun

Security Policy Gone Wrong

Another story from the trenches:

Client: “You will have to work on site for this job. The data you’re gonna work with is of course highly sensitive and confidential. We cannot risk any of it to leave the company premises.”

Ok, so at this point, you usually prepare yourself to disillusion the client about how secure large [...]


Gender Issues

We found the following funny config setting in our new LANCOM device:
For those with only limited German language knowledge (or a textmode-only RSS feed reader or browser): It reads
Admin Gender

unknown
male
female
geek

Sometimes, there’s just nothing more to say. It’s also a really nice touch to add this in the “expert configuration” area. Like they wanted to say [...]


Security quote of the day

Planning a pentest:
Sorry, but the semester break of the college student developing the security toolkit is over, so there’s some delay.

BruCON 2009 – Thanks for all the Fun

BruCON already happened more than a week ago and I didn’t have time to write about it, as work took over immediately after we came back :). We had a great time at BruCON, it was organised very professionally, especially for a conference held for the first time. There were interesting talks, discussions and [...]


Fuzzy Contact Person

I really didn’t know that Winnie-the-Pooh is now working in telecommunications:
For the visually impaired or those using a text-only RSS feed reader like me: Apparently, the contact person we had at Victorvox goes by the name “teddybaer”. At least the invoice says so. And yes, “had”. This is old, so don’t get any silly ideas [...]


BruCON Appetiser

We at RedTeam are really looking forward to BruCON which is bound to happen in a little less than three months, so we eagerly follow the BruCON Blog. Maybe that’s why we were the first to solve the PDF reverse engineering challenge they posted a couple of days ago. Apart from the fun diversion [...]


DEFCON 17 CTF Qualifiers

Last weekend, members of RedTeam, of the mwollect Alliance and a few other people from Aachen participated in the DEFCON 17 CTF Qualifiers. The team hosting the DEFCON CTF this year provided fun challenges of varying difficulty. Minor quirks were the Java-Applet based scoring system that was quite unresponsive at times, the fact that only [...]


Better be Safe

As seen on a hoster’s website explaining how to use PuTTY on Windows to connect to their serial console:
I’m convinced greying out the server’s key fingerprint will make sure those pesky hackers won’t mess with the system…


Targetting New Audiences

Explaining to others what you do for a living is complicated enough as it is if you’re a pentester. Whoever invented the term “penetration tester” must never have thought about the consequences for all those poor girls and guys having to tell their job’s official name to other people. The reactions normally range from “you’re [...]


Highspeed Internet at the Hotel

Seems like all those stories about people getting hacked because they’re using their hotel’s un- or WEP-encrypted wireless made some markedroids think. One of our last hotel rooms provided the following service:
The first three German lines roughly translate to
fast – comfortable – secure
[X] tap-proof
[X] free of radiation
Good ol’ ethernet cable. Now they just need someone [...]
