Red_team

A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail.

Alexander Neumann held the talk „Der Bitwarden-Biometrie-Unfall - Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt” at the event “Studierende treffen Alumni und Unternehmensexpert:innen” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.

As of today, RedTeam Pentesting’s website is available in a new design. Your feedback is welcome.

In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX.

New advisory released: Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials.

New advisory released: D-Link DAP-X1860: Remote Command Injection .

New advisory released: Session Token Enumeration in RWS WorldServer.

New advisory released: Skyhigh Security Secure Web Gateway: Information Disclosure Due to Same Origin Policy Bypass on Block Page.

New advisory released: STARFACE: Authentication with Password Hash Possible.

On 10 July 2024, Alexander Neumann will give the lecture “Behind the Screens: Insights and Stories of Real-World Penetration Testing“ in German at the IT Center of RWTH Aachen University. The lecture is public and takes place at 16:30 o’clock at the ITC lecture hall at Seffenter Weg 23.