Blog

In our blog, we review topics of interest and share our knowledge, research results and community contributions.

Latest Posts
The State of Publicly Available Android Device Security Information
In this blog post, we would like to raise awareness for an often underestimated problem: the lack of publicly available information about the security specifications of modern Android smartphones on the market.
Tim Ohlendorf
14 June 2022
Advisory and Exploitation: The MELAG FTP Server
During an engagement in early 2021 my colleague and I stumbled across an FTP server with a banner that we've never seen before... We downloaded the FTP Server, set up a testing environment, began to dissect it and found 6x high-impact vulnerabilities.
Carsten Sandker
5 May 2022
Connaisseur v2.2 - Improving Usability of Container Signature Validation in Kubernetes
Connaisseur is a Kubernetes admission controller for container image signature verification. The latest release v2.2 improves usability...
Dr. Christoph Hamsen
18 October 2021
Active Directory Spotlight: Trusts — Part 1. The Mechanics
This spotlight is intended to shed some light on Active Directory Trusts, the value they bring, the risk they can contain and how to...
Carsten Sandker
10 October 2021
Active Directory Spotlight: Trusts — Part 2. Operational Guidance
In the first part of this Active Directory (AD) spotlight I introduced the mechanics of Active Directory Trusts and highlighted what a...
Carsten Sandker
10 October 2021
Verify Container Image Signatures in Kubernetes using Notary or Cosign or both
Connaisseur v2.0 adds support for multiple keys and signature solutions.
Dr. Christoph Hamsen
27 July 2021
Container Image Signatures in Kubernetes
Container image signatures are a rarely implemented security feature, even though images' contents are ever changing and hard to get a grasp of, making it easy for attackers to hide malicious content in them.
Philipp Belitz
7 August 2020
Privilege Escalation in AKS Clusters
Default AKS cluster stores admin credentials in Kubernetes ConfigMap.
Anneke Breust
17 July 2020
Bringing Content Trust into the World of docker-compose
A central question in application security is: how do we ensure that our Docker containers actually run the code that we intend to run?
Dr. Peter Thomassen
14 July 2020
Public Suffix Lookups Without Parsing the PSL
During my work at SSE (I was working on the security-first DNS provider deSEC), I was facing the need for quickly looking up the so-called Public Suffix for a given domain name. If the domain name is, say, amazon.co.uk, then the Public Suffix would be co.uk.
Dr. Peter Thomassen
12 July 2020