Secfault Security GmbH (@secfaultsec)'s Twitter Profile

Secfault Security GmbH

@secfaultsec

In-depth IT security consulting

ID: 1178614362623414272

Website: https://secfault-security.com
Joined: 30-09-2019 10:15:49

27 Tweets

222 Followers

39 Following

Jan Muenther (@janmuenther):

@koehntopp greg to be fair though, I still use in pen testing - as a wake-up call for teams in denial, and as a verification of assumptions in a very dedicated, targeted fashion as greg outlined. Ideally, you consider pen test targets when you conceptualize your mitigations.

greg (@teh_gerg):

Jan Muenther @koehntopp Well, it also provides an end-to-end view of a product at a certain stage, which can help identify issues emerging from the interplay of its components. But that's another focus than the classical pentest-before-release idea.

Jan Muenther (@janmuenther):

greg @koehntopp Ah indeed, that’s another important point, especially in complex high risk projects. Particularly meaningful with all this microservice salad and abstraction layers.

confidenceconf (@confidenceconf):

#TalkAnnouncement Karsten König will be joining #CONFidence2020 with a talk about Exploiting Reference Counter Vulnerabilities Inside The FreeBSD Kernel ⚡️ 👇Check out the details of his talk and get your ticket here 👇 buff.ly/2IIVBOW

Secfault Security GmbH (@secfaultsec):

We're proud to announce that together with our partners from SecureLayer7, Cure53 and X41 D-SEC GmbH, we are offering pro-bono pentests for COVID-19 related apps/software: secfault-security.com/blog/Probono.h…

X41 D-SEC GmbH (@x41sec):

Today is the last day to apply for a FREE pentest on your application that helps fight COVID-19! Since the closure of schools requires good tools for educational learning, we would love to see last minute submissions from this field.

X41 D-SEC GmbH (@x41sec):

All applications for the Pro-bono Pentests for COVID-19-related Apps & Software have been reviewed and the committee has chosen the winners. More info to follow soon 🙂

Secfault Security GmbH (@secfaultsec):

Our colleague Karsten did a research project on re-creating a custom iOS exploit. You can read about his adventures here secfault-security.com/blog/chain3.ht… :)

Karsten (@gr4yf0x):

I dived into iOS kernel exploitation recently and have written a kernel exploit for chain 3 of Ian Beer's blog post series from last August. Check out the post at the Secfault Security GmbH blog :) secfault-security.com/blog/chain3.ht… Feedback highly appreciated!

Secfault Security GmbH (@secfaultsec):

Some time ago, we had a look at the F*EX file exchange solution (fex.rus.uni-stuttgart.de), and found a pre-auth RCE. We have now published a small write-up on this: secfault-security.com/blog/fex.html

Secfault Security GmbH (@secfaultsec):

We have recently conducted a review of the 1Password developer tools. Our report is now public, so please feel free to check it out: secfault-security.com/blog/onepasswo…

Secfault Security GmbH (@secfaultsec):

As one of our internal research projects, we've recently taken a look at some self-powered wireless 433MHz light switches, particularly on reverse-engineering the used radio protocol and building a custom receiver. If you're interested, make sure to check secfault-security.com/blog/kineticsw….

Secfault Security GmbH (@secfaultsec):

Recently, Jenny took a look at the Visual Studio App Center SDK for iOS and macOS and found an insecure object deserialization issue. Here's a write-up on her journey of identifying and exploiting the issue: secfault-security.com/blog/ms-app-ce….

Secfault Security GmbH (@secfaultsec):

Last year we did a number of projects for AgileBits, focusing on the 1Password ecosystem. The reports have now been made public, so in case you're interested in getting an impression, feel free to check secfault-security.com/blog/onepasswo….

Secfault Security GmbH (@secfaultsec):

We recently decided to take a look at LibreOffice, and found an (almost) arbitrary file write issue, which is now public (CVE-2023-1183). If you're interested, check out secfault-security.com/blog/libreoffi… for details :)

Secfault Security GmbH (@secfaultsec):

We've taken (another) look at the OpenOlat learning management solution and found an XXE issue, which can be turned into an arbitrary file read and an SSRF problem. In case you're interested, make sure to read our blog post at secfault-security.com/blog/openolat-…!
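Added example of the XXE-to-file-read mechanism the tweet above refers to. This is not code from the Secfault write-up or from OpenOlat (which is Java); it uses Python's bundled expat bindings because the mechanism is the same in any parser that resolves SYSTEM identifiers. The payload declares an external entity pointing at an attacker-chosen path; a parser configured to resolve external entities returns that file's contents as document text (an http:// identifier would instead make the server issue the request, the SSRF variant), while a parser that rejects any DOCTYPE never touches the identifier. The helper names, the payload and the secret file are constructed for this demo.

```python
"""XXE in practice: an external-entity-resolving parser leaks a local file,
a DOCTYPE-rejecting parser refuses the same document.

Added illustration using Python's bundled expat bindings; the helpers,
payload and secret file are constructed for the demo and are not from
the OpenOlat code base or the Secfault write-up.
"""
import os
import tempfile
import urllib.request
import xml.parsers.expat as expat

# Classic XXE document: a SYSTEM entity whose replacement text is
# substituted into the element content. The target is attacker-chosen.
XXE_TEMPLATE = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE data [<!ENTITY xxe SYSTEM "%s">]>\n'
    b'<data>&xxe;</data>'
)


def xxe_payload(target):
    """Build the payload for a file path, file:// URL or http(s):// URL."""
    return XXE_TEMPLATE % target.encode()


def parse_resolving_entities(xml_bytes, base_dir=""):
    """The vulnerable configuration: external entities are resolved.

    Returns the document's character data, which becomes the fetched
    resource when the document references an external entity.
    """
    text = []
    parser = expat.ParserCreate()

    def fetch_external_entity(context, base, system_id, public_id):
        # file:// or a bare path -> arbitrary file read;
        # http(s):// -> the server performs the request (SSRF).
        if system_id.startswith(("http://", "https://", "file://")):
            data = urllib.request.urlopen(system_id).read()
        else:
            with open(os.path.join(base_dir, system_id), "rb") as fh:
                data = fh.read()
        # Parse the fetched bytes as the entity's replacement text with a
        # child parser; pyexpat copies this parser's handlers to it.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(data, True)
        return 1  # 1 tells expat the entity was handled

    parser.CharacterDataHandler = text.append
    parser.ExternalEntityRefHandler = fetch_external_entity
    parser.Parse(xml_bytes, True)
    return "".join(text)


class UntrustedDTD(ValueError):
    """Raised when untrusted XML carries a DOCTYPE."""


def parse_hardened(xml_bytes):
    """The safe configuration for untrusted input: no DTD at all.

    Rejecting the DOCTYPE removes external entities, entity expansion
    ("billion laughs") and external DTD fetches in one place; refusing
    to resolve entities is kept as a second line of defence.
    """
    text = []
    parser = expat.ParserCreate()

    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UntrustedDTD("DOCTYPE is not allowed in untrusted XML")

    def refuse_external_entity(context, base, system_id, public_id):
        return 0  # expat turns a 0 return into an ExpatError

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = refuse_external_entity
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return "".join(text)


def demo():
    """Write a constructed secret, feed the payload to both parsers,
    and return (text leaked by the weak parser, whether the hardened
    parser blocked the document)."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write("db_password=s3cr3t-value\n")  # constructed secret
        secret_path = fh.name
    try:
        leaked = parse_resolving_entities(xxe_payload(secret_path))
        try:
            parse_hardened(xxe_payload(secret_path))
            blocked = False
        except UntrustedDTD:
            blocked = True
    finally:
        os.unlink(secret_path)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("resolving parser returned:", repr(leaked))
    print("hardened parser blocked the DOCTYPE:", blocked)
```

The check to carry over to a real code base is the hardened half: a parser that handles untrusted XML should fail on the DOCTYPE declaration itself rather than rely on never fetching the identifier, because the same DTD machinery also drives entity-expansion denial of service and external DTD retrieval.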

Secfault Security GmbH (@secfaultsec):

We recently did some internal research and took a look at the JavaScript runtime Deno. We found a couple of interesting bypasses for their permission system. If you'd like to learn more, please feel free to check out our blogpost at secfault-security.com/blog/deno.html.

Secfault Security GmbH (@secfaultsec):

The other day, our colleague Oliver decided to play around with Syzkaller to fuzz the FreeBSD Kernel. He added some support for the Bluetooth stack and indeed found an OOB read. If you're interested, check our blog post here: secfault-security.com/blog/fuzzing_f…