
{ Category Archives } RedTeam

Video: “Ten Commandments of IT-Security for Web 2.0 Startups”

In December, Claus Overbeck of RedTeam Pentesting held the invited talk “Ten Commandments of IT-Security for Web 2.0 Startups” at the HackFwd Build 0.4. The talk was recorded on video and is now available via the HackFwd Blog. HackFwd is led by Lars Hinrichs; the people behind it describe themselves as

experienced tech entrepreneurs looking to [...]


Hackito Ergo Sum

Thanks to one unfortunate speaker scheduled for Hackito Ergo Sum who can’t make it to the conference, I was invited to give a talk about Pandora’s Bochs on short notice, which I will gladly do. Additionally, RedTeam Pentesting will sponsor the event. The conference program looks very promising – so quickly make up your mind: [...]

A Tale of Access Control and Config File Backups

Location: A security area with access control. Two pentesters need to get (legitimate) access to the area, which requires three things: An authorisation token, your signature, and your identity card. The token is ready, the paper sheet signed and… access is granted. Wait, what about the identity card? The friendly security guard is stumped.
“Well, the [...]


Shady Work

“So, you hack companies and then tell them that you found security vulnerabilities? And afterwards they hire you to show them what is wrong?”
This is one of the questions you get asked surprisingly often when you explain to people what you do for a living (and the answer is no: we don’t proactively hack companies [...]


English Paper about Man-in-the-Middle Attacks against chipTAN Online

The English version of the paper we released yesterday is now also online, title: “Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System”:
http://www.redteam-pentesting.de/en/publications/MitM-chipTAN-comfort
Have fun.


Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System

As promised, we have released information about the attacks we developed against chipTAN comfort today. Have a look at our website:
http://www.redteam-pentesting.de/de/publications/MitM-chipTAN-comfort
You’ll find our press release (in German) and a paper (also in German) there, giving you all the details about the three attacks we came up with. I’m sorry that I didn’t get the [...]


RedTeam@TV: Dangerous Online Banking

RedTeam is on TV again:
Sunday, 22. November 2009, SAT1 Planetopia: Gefährliches Onlinebanking (Dangerous Online Banking)
Online banking is still a hot topic, with all the new systems cropping up after the traditional PIN/TAN and the more recent PIN/iTAN (indexed TAN) systems.
We already showed in 2005 that Man-in-the-Middle attacks on iTAN-based systems are possible and predicted that [...]


Security quote of the day

Planning a pentest:
Sorry, but the semester break of the college student developing the security toolkit is over, so there’s some delay.

Why Teamwork Matters

I have already mentioned in this blog post that there’s always standard stuff you have to do in a pentest. Finding all the standard security issues is important for the completeness of the pentest and should never be neglected. You will look rather stupid if you find the remote root exploit that can only be [...]


BruCON Appetiser

We at RedTeam are really looking forward to BruCON, which is bound to happen in a little less than three months, so we eagerly follow the BruCON Blog. Maybe that’s why we were the first to solve the PDF reverse engineering challenge they posted a couple of days ago. Apart from the fun diversion [...]
