Posts in 2025

  • Security Policy Templates

    Friday, March 21, 2025 in Blog

    If you are looking for security policy templates for your organisation, one option is the free templates from SANS: https://github.com/deepanshusood/SANS-Security-Policy-Templates

  • Free vulnerability monitoring

    Sunday, February 23, 2025 in Blog

    Today I would like to recommend two free services for monitoring your IP ranges, domains and websites for new vulnerabilities before others do. https://www.shadowserver.org/ The Shadowserver Foundation is a nonprofit security organization working …

Posts in 2024

  • SOC playbooks

    Sunday, July 21, 2024 in Blog

    If you need starter playbooks for your SOC (Security Operations Center), check out https://github.com/socfortress/Playbooks

  • TeamViewer compromised by APT Group

    Friday, June 28, 2024 in Blog

    TeamViewer announced that it was compromised by an APT (Advanced Persistent Threat) group, see https://www.teamviewer.com/de/resources/trust-center/statement/ My recommendation would be blocking all traffic to TeamViewer domains as a preventive measure …

  • polyfill.io CDN distributing malware

    Wednesday, June 26, 2024 in Blog

    The popular CDN (Content Delivery Network) polyfill.io is normally used by website developers to deliver JavaScript code to users who use older browsers. (A polyfill implements JavaScript code for functionality that is missing in older browsers.) …

  • BSI Hall Of Fame

    Saturday, April 20, 2024 in Blog

    After reporting a security misconfiguration vulnerability on a website to the German “Federal Office for Information Security (BSI)” through responsible disclosure, I was added to their Hall Of Fame, see here.

  • Have I been pwned harvester

    Thursday, March 28, 2024 in Blog

    When I had to export breaches for several domains from haveibeenpwned.com, I looked for a Python tool to do this via the haveibeenpwned API but could not find any. So I created my own. See https://github.com/security-companion/hibp-harvester It can …

  • ICCM Europe 2024

    Sunday, February 18, 2024 in Blog

    This year I again had the privilege to go to ICCM (International Conference on Computing & Mission) Europe 2023, this time in Mosbach, Germany. I gave a workshop with the title “Contracting/preparing a penetration test for your …

Posts in 2023

  • First penetration test

    Saturday, April 15, 2023 in Blog

    Recently I carried out my first penetration test for a website of a mid-size organization. They were very satisfied with my involvement. For me it was a good experience and I learned a lot myself.

  • OpenOffice Macro vulnerability might lead to arbitrary script execution

    Thursday, April 06, 2023 in Blog

    At the beginning of this year I discovered that the macro vulnerability in LibreOffice (CVE-2022-3140) also existed in OpenOffice and reported this through responsible disclosure to the developers of OpenOffice. It is now fixed in release version …
