Year 2020

39 Articles

Crypto Malware

Crypto Malware - An Increasing Threat?

TIBER-EU Framework

TIBER-EU Framework - Threat intelligence-based Red Teaming

Trust and AI

Trust and AI - Three Wrong Questions

Data Encryption in the Cloud

Data Encryption in the Cloud

Cyber Threat Intelligence

Cyber Threat Intelligence - Early Anticipation of Attacks

HardeningKitty

HardeningKitty

Phishing Protection

Phishing Protection - SPF, DKIM, DMARC

GraphQL

GraphQL - Attack possibilities and countermeasures

KleptoKitty

KleptoKitty - Deploying Payloads and Collecting Credentials

SAML 2.0, OpenID Connect, OAuth 2.0

SAML 2.0, OpenID Connect, OAuth 2.0

Speaking versus typing

Speaking versus typing

Traffic Analysis with Windows Built-In Tools

Traffic Analysis with Windows Built-In Tools

Voice User Interfaces

Voice User Interfaces - Prototyping with Voiceflow

Preparing Offers

Preparing Offers

3D Printing

3D Printing - Downloading Weapons from the Internet

Logging

Logging - Using Timeseries Database

1080p? 4K? UHD? HDR?

1080p? 4K? UHD? HDR? - An overview in the display jungle

Voice User Interface Design

Voice User Interface Design - An Overview of Brand Personas

Server-Side-Request-Forgery

Server-Side-Request-Forgery

Linux Hardening

Linux Hardening - Eat Your Own Dog Food

Voice User Interface Strategy

Voice User Interface Strategy

Linux Bind Shell in Assembly

Linux Bind Shell in Assembly - A Walkthrough

Cisco WebEx Online Meeting Security

Cisco WebEx Online Meeting Security

PAS - The Perfect Automation Schema

PAS - The Perfect Automation Schema: Influencing Trust

Contact Tracing App DP3T

Contact Tracing App DP3T

Attack Surface Reduction Rules

Attack Surface Reduction Rules

Microsoft Teams Security

Microsoft Teams Security - Securing Your Virtual Meetings

Zoom Security

Zoom Security - Securing your virtual Meetings

Vulnerability Scanning Data

Vulnerability Scanning Data

SANS SEC503 Intrusion Detection In-Depth

SANS SEC503 Intrusion Detection In-Depth

Severities and Risks

Severities and Risks - Relations and Differences

Policy Analyzer

Policy Analyzer

AI & Trust

AI & Trust - Stop asking how to increase trust in AI

Social Engineering

Social Engineering

IT Security Policies

IT Security Policies - What We Expect From You

Hacking Artificial Intelligence

Hacking Artificial Intelligence

Detecting PPL Manipulation?

Detecting PPL Manipulation?

Standard Data Protection Model of the German Data Protection Agencies

Standard Data Protection Model of the German Data Protection Agencies

The Difficulties of Cyber Insurance

The Difficulties of Cyber Insurance

Year 2019

40 Articles

scip Cybersecurity Forecast

scip Cybersecurity Forecast – Predictions for 2020

Security Automation

Security Automation - Opportunities and Risks

An Interdisciplinary Approach to Artificial Intelligence Testing

An Interdisciplinary Approach to Artificial Intelligence Testing

Local Security Authority

Local Security Authority – Keeping Secrets Safe

Challenges accompanying the daily routine

Challenges accompanying the daily routine

Zero Trust Model

Zero Trust Model - Never trust, always verify

Web Application Penetration Testing

Web Application Penetration Testing: An Introduction

The FONES Minimum Standard for improving ICT resilience

The FONES Minimum Standard for improving ICT resilience

iPhone Siri Self-Reference Exploiting

iPhone Siri Self-Reference Exploiting

Killer Robots

Killer Robots

Kernel-mode code signing

Kernel-mode code signing - A beginner's guide

SQL Injection

SQL Injection - A Summary of the Possibilities

Raspberry Pi Remote Access

Raspberry Pi Remote Access

Phishing

Phishing - A Never-Ending Story

Symmetric Encryption

Symmetric Encryption – An Introduction

Top Banking Trojans

Top Banking Trojans

Web Services as a Data Source in Splunk

Web Services as a Data Source in Splunk - A How-To Guide

Artificial Intelligence

Artificial Intelligence - Is it worth the risk?

Monitoring

Monitoring - Detecting Attacks with MITRE ATT&CK

Infosec Summer Reading List

Infosec Summer Reading List - 2019 Edition

Smart Homes

Smart Homes - Possibilities and Risiks

Deepfakes Analysis

Deepfakes Analysis - Impact of Calculation Time

Augmented Reality and Artificial Intelligence

Augmented Reality and Artificial Intelligence

The signed JSON Web Token

The signed JSON Web Token

Integrating the Cloud into Security

Integrating the Cloud into Security

eBPF

eBPF - A First Look

Data Breach Databases

Data Breach Databases - Lot of Incidents, just few Data

Security Operations Center

Security Operations Center - Prerequisite and Requirements

Good AI, Bad AI

Good AI, Bad AI

HSTS Preload as an Attack Vector

HSTS Preload as an Attack Vector

OWASP ASVS Version 4

OWASP ASVS Version 4

CIS CSAT

CIS CSAT - IT Security Assessment Tool

Deepfakes Analysis

Deepfakes Analysis

Social Engineering

Social Engineering – Spotlight on LinkedIn

HTTP Strict Transport Security

HTTP Strict Transport Security

Bypassing NAC

Bypassing NAC - A handy How-to Guide

Graylog V3

Graylog V3 - A long awaited Version

AI Stays True unto Us

AI Stays True unto Us - In Good and Bad Times

Smart Buildings and Smart Homes

Smart Buildings and Smart Homes

Incident Response Playbooks

Incident Response Playbooks

Year 2018

42 Articles

scip Cybersecurity Forecast

scip Cybersecurity Forecast – Predictions for 2019

Security Predictions

Security Predictions - Dumb or Priceless? A closer look

Bash

Bash - How to use in Linux Command Injection

Deepfakes Analysis

Deepfakes Analysis - Amount of Images, Lighting and Angles

Asset Inventories

Asset Inventories – Making them sexy

Internet of Things

Internet of Things - Security in an IoT Solution

Image, Compliance, and Resistance

Image, Compliance, and Resistance - In the AI Context

Let's talk about Sextortion

Let's talk about Sextortion - Discussing the uprising Scheme

Artificial Intelligence Testing

Artificial Intelligence Testing

Kerberoasting

Kerberoasting - Stealing Service Account Credentials

Deepfakes

Deepfakes - An Introduction

Privileged Windows Accounts

Privileged Windows Accounts

Libero.it Password Leak

Libero.it Password Leak - An Analysis In-Depth

eSports

eSports - Professional Cheating in Computer Games

On Trust in AI

On Trust in AI - A Systemic Approach

DEF CON 26

DEF CON 26 - Hackers invade Las Vegas

The Sequel of HTTP Headers

The Sequel of HTTP Headers - Advanced Security Capabilities

Blind XPath Injection

Blind XPath Injection – Approach for Unknown Data Sets

Sending Windows Firewall Logs to Graylog

Sending Windows Firewall Logs to Graylog

macOS from the Terminal

macOS from the Terminal - Your System Security at a Glance

Consciousness and Artificial Intelligence

Consciousness and Artificial Intelligence

Area41

Area41 - Hackers in Zurich

Medical Robots and Safety

Medical Robots and Safety

Area41 Workshop

Area41 Workshop – A Look Behind the Scenes

Specialized Search Engines

Specialized Search Engines

Cloud Storage

Cloud Storage - Configuration Vulnerabilities

GDPR

GDPR - An IT Security Perspective

Excel Forensics

Excel Forensics - Detecting Activities without Track Changes

WebAuthn

WebAuthn - The Future of Web Authentication

Human Cognition and Artificial Intelligence

Human Cognition and Artificial Intelligence

Facebook

Facebook - The Social Network and Privacy

Car Hacking

Car Hacking - Analysis of the Mercedes Connected Vehicle API

Shares

Shares – The Gateway to Domains

Security Log Standard

Security Log Standard - Still an Open Question

Response Header Hardening

Response Header Hardening

Network Access Control

Network Access Control

Psychology of Artificial Intelligence

Psychology of Artificial Intelligence

More Data, More Responsbility

More Data, More Responsbility - Analysing the Strava Heatmap

Graphical User Interface Security

Graphical User Interface Security

DNS RPZ

DNS RPZ - Blocking and Changing Names

Microsoft Antimalware Scan Interface

Microsoft Antimalware Scan Interface

Artificial Intelligence

Artificial Intelligence - A Model for Humanity

Year 2017

40 Articles

scip Cybersecurity Forecast

scip Cybersecurity Forecast – Predictions for 2018

DOM based Cross Site Scripting

DOM based Cross Site Scripting

Domain Name System

Domain Name System – Introduction to Potential Attacks

Cyber insurance

Cyber insurance – benefits and uses

Information Security

Information Security - Three things you need to hear

Securing Email of your own Domain

Securing Email of your own Domain - SPF, DKIM and DMARC

BloodHound

BloodHound - Sniffing out domain admins

Docker

Docker - Continuous Build Security Assessment with Anchore

Security Testing

Security Testing - Options for Lateral Entry

Malware Development

Malware Development

Cross-site request forgery

Cross-site request forgery - Is CSRF dead?

In Defense of FaceID

In Defense of FaceID - The New Authentication of iOS

Artificial Intelligence

Artificial Intelligence

A Little Helper

A Little Helper – The PHP Command Shell

Firejail

Firejail - A Human Tool to Control Software

Penetration Tester

Penetration Tester - How to Define

Public Network-Level Discovery

Public Network-Level Discovery - Using Whois and DNS Probing

Data Loss Prevention

Data Loss Prevention – Are you blocking yet?

Local Administrator Password Solution

Local Administrator Password Solution

Personal Digital Assistants

Personal Digital Assistants - The Future of Ubiquitous AI

HackRF One Sweep Mode

HackRF One Sweep Mode - A quick Introduction

Anti-fraud in online services

Anti-fraud in online services

Aspects of cybercrime

Aspects of cybercrime

Ransomware

Ransomware - Should you pay up?

Bluetooth Low Energy

Bluetooth Low Energy - Pairing, GATT and More

The Shadow Brokers

The Shadow Brokers - The story so far

Docker

Docker - Continuous Build Security Assessment

Cybersecurity

Cybersecurity - Quo Vadis?

Security Development Lifecycle

Security Development Lifecycle

Corporate, IT and Security Governance

Corporate, IT and Security Governance - The Basics

Securing Twitter

Securing Twitter

Bluetooth

Bluetooth - Low Energy and High Visibility

Invoke-Mimikatz

Invoke-Mimikatz – Seven in One Go

Logging with Graylog

Logging with Graylog - A Technical Review

Rapid Risk Assessment

Rapid Risk Assessment

Exploit Market Forecasts

Exploit Market Forecasts – A Glimpse into the Future

European General Data Protection Regulation

European General Data Protection Regulation

Countermeasures in Penetration Testing

Countermeasures in Penetration Testing - And now?

Password Security

Password Security

Razor Code

Razor Code – Don't Cut Yourself

Year 2016

41 Articles

scip Cybersecurity Forecast

scip Cybersecurity Forecast – Predictions for 2017

Windows 10 Client Hardening

Windows 10 Client Hardening

Secure Processing with SGX

Secure Processing with SGX - Tackling Risks in the Cloud

Using the NIST CSF for a Rapid Security Assessment

Using the NIST CSF for a Rapid Security Assessment

Merger & acquisition processes

Merger & acquisition processes – the security perspective

XSS is still my name

XSS is still my name

Future of information security

Future of information security - It needs to grow up

Credential and Device Guard

Credential and Device Guard – Is the tide turning?

Exploit pricing

Exploit pricing

Containing Containers

Containing Containers - Advantages and Risks

High-Secure Portable Storage - Part 2

High-Secure Portable Storage - Part 2: InterLock on Armory

Security Boards

Security Boards – structure, function and use

Healthy Paranoia

Healthy Paranoia - Simple Protection for End-User

Email Accounts

Email Accounts - Powerful Skeleton Keys

Content Security Policy

Content Security Policy – How hard can it be?

High-Secure Portable Storage

High-Secure Portable Storage - Part 1

Logging the Internet of Things

Logging the Internet of Things

CVSSv3 as a risk metric

CVSSv3 as a risk metric – a detailed view

Cyber Security

Cyber Security – Addressing Highly Dynamic Risks

Checklists or Scenarios

Checklists or Scenarios – That is the Question

Blockchain is the future

Blockchain is the future

RIPv6

RIPv6 - fail2ban failed to ban

Analysis of medical devices

Analysis of medical devices - A pragmatic approach

Software Without Brakes

Software Without Brakes

Implementing a Qubes OS productive laptop

Implementing a Qubes OS productive laptop

Securing Outdated or Unsupported Systems

Securing Outdated or Unsupported Systems

mHealth

mHealth - Mobile Opportunities

eHealth

eHealth - electronic health care services

Cross-Site Script Inclusion

Cross-Site Script Inclusion

PowerShell Monitoring

PowerShell Monitoring - Regain Control

Big Data, Artificial Intelligence & the Internet of Things

Big Data, Artificial Intelligence & the Internet of Things

HTTPS Bicycle Attack

HTTPS Bicycle Attack - An Overview

Data Centric Security using DRM infrastructure

Data Centric Security using DRM infrastructure

DRM/RMS

DRM/RMS – The next generation of rights management

Belkin WeMo Switch Communications Analysis

Belkin WeMo Switch Communications Analysis

Approach to Testing IoT Devices

Approach to Testing IoT Devices

Not Only Terrorists Have Something to Hide

Not Only Terrorists Have Something to Hide

Background to the Labs Book

Background to the Labs Book

Inglorious Headers

Inglorious Headers

Darknet

Darknet - A Look at the Virtual Black Market

OPSEC

OPSEC - History and Basics

Year 2015

50 Articles

scip IT Security Forecast 2016

scip IT Security Forecast 2016

Big Brother or

Big Brother or: How I stopped Worrying and Love Encryption

Release of Burp Extension DetectDynamicJS

Release of Burp Extension DetectDynamicJS

Ransomware 101

Ransomware 101 - CryptoLocker and CryptoWall

Facebook's Ears

Facebook's Ears - Threats by Audio Discovery

Drones

Drones - The Next Generation of Information Warfare

Hackers

Hackers - 20 Years of Awesome

The Future

The Future: Personal Assistants

RFID with RFIDler

RFID with RFIDler

Peeple

Peeple: Social Media Without Profile

Healthy Paranoia

Healthy Paranoia - Goodbye, Passwords!

Twelve Simple Security Tricks

Twelve Simple Security Tricks

Mobile Technology in Corporate Environments

Mobile Technology in Corporate Environments

Securing out-of-band Remote Support (Part 2 of 2)

Securing out-of-band Remote Support (Part 2 of 2)

Risks in iBeacon

Risks in iBeacon

Public Shaming and the Case Ashley Madison

Public Shaming and the Case Ashley Madison

Statistical Analysis of the Ashley Madison Hack

Statistical Analysis of the Ashley Madison Hack

Metadata Revisited

Metadata Revisited

A First Analysis of the AshleyMadison.com Leak

A First Analysis of the AshleyMadison.com Leak

The Internet and the Things

The Internet and the Things

Offensive PowerShell

Offensive PowerShell - Introduction to PowerTools

The SBB Swiss Pass

The SBB Swiss Pass - New Technology, New Risks

Preventing Reputational Damage by Media

Preventing Reputational Damage by Media

SAP and Principle of Least Privilege

SAP and Principle of Least Privilege

Summary of Protection Aspects of Client Identifying Data

Summary of Protection Aspects of Client Identifying Data

Correct Authentication for Mobile Apps

Correct Authentication for Mobile Apps

Hack in Paris 2015

Hack in Paris 2015 - A Short Review

Securing out-of-band Remote Support (Part 1 of 2)

Securing out-of-band Remote Support (Part 1 of 2)

What You Need to Know About Duqu 2.0

What You Need to Know About Duqu 2.0

Reputational Damage to Media Corporations After a Hack

Reputational Damage to Media Corporations After a Hack

Logging Shell User Activity

Logging Shell User Activity

Apple Watch

Apple Watch - A First Commentary

Healthy Paranoia

Healthy Paranoia - Buckle Up!

SwiNOG #28

SwiNOG #28 - A Short Review

A Story About Blocking PowerShell

A Story About Blocking PowerShell

Thought About Cross Border and Associated Subjects

Thought About Cross Border and Associated Subjects

Detection of Firewalling to Professionalize Attacks

Detection of Firewalling to Professionalize Attacks

Securing Your Home Fences

Securing Your Home Fences

Hacker Fashion

Hacker Fashion - A Not Quite Serious Test

Hard Disk Encryption Tool

Hard Disk Encryption Tool: Startech Enclosure

A Case for Net Neutrality

A Case for Net Neutrality

Misusing TCP Timestamps

Misusing TCP Timestamps

So Long, and Thanks for All the Superfish

So Long, and Thanks for All the Superfish

Kerberos under Attack

Kerberos under Attack

The Hunt for the Safe Public WiFi

The Hunt for the Safe Public WiFi

Some Thoughts about Privileged Identity Management and Privileged Account Management

Some Thoughts about Privileged Identity Management and Privileged Account Management

Wearables in Application

Wearables in Application

Data Fence

Data Fence - A Nice and Small MacOS X Security Audit Tool

Audit in a OS X System

Audit in a OS X System

Wardialing Revisited

Wardialing Revisited - A Call with Consequences

Year 2014

48 Articles

31C3

31C3 - A New Dawn

scip IT Security Forecast 2015

scip IT Security Forecast 2015

scip InfoCenter for Google Chrome available

scip InfoCenter for Google Chrome available

Software Defined Radio

Software Defined Radio - An Introduction

Burn Facebook 101

Burn Facebook 101 - How to Fabricate a Person

Transport Layer Security Done Right

Transport Layer Security Done Right

Logical Fallacies when Assessing Risks

Logical Fallacies when Assessing Risks

Collecting Windows Logs with NXlog

Collecting Windows Logs with NXlog

Designing filters for ELK

Designing filters for ELK

Bug Bounties

Bug Bounties - Getting that free Netscape Mug

Android Lab Based on Virtual Devices

Android Lab Based on Virtual Devices

How Data Correlation Works

How Data Correlation Works

Skype as a Security Risk

Skype as a Security Risk

The Basics of DNSSEC

The Basics of DNSSEC

Organizational Aspects When Protecting Business Information and Records

Organizational Aspects When Protecting Business Information and Records

UTM Solutions Evaluation in Virtual Environments

UTM Solutions Evaluation in Virtual Environments

Hacker Summer Camp (2014 Edition)

Hacker Summer Camp (2014 Edition)

File Integrity Checker Policy

File Integrity Checker Policy

Google Glass

Google Glass – A Snapshot

Kerberos Key Distribution Center Proxy Protocol

Kerberos Key Distribution Center Proxy Protocol

Wearables

Wearables - A Look Ahead

Wearables

Wearables - No Privacy for Your Biometry

Wearables

Wearables - New Threats

Wearables

Wearables - Technology on the Body

Wearables

Wearables - New Freedom

Windows Passwords

Windows Passwords - A Well Known Secret?

Functionality Testing a IDS/IPS

Functionality Testing a IDS/IPS

The Value of IT General Controls within an Organization

The Value of IT General Controls within an Organization

Security Testing Using Virtual Environment Made Easy

Security Testing Using Virtual Environment Made Easy

Car Hacking

Car Hacking - An Overview

Area41

Area41 - A Look Back

Security Conferences

Security Conferences - A Waste of Time?

JSXBIN

JSXBIN - Reversing the Binary File Type

Oh Twitter, Where Art Thou

Oh Twitter, Where Art Thou

Source Code Analysis

Source Code Analysis - A Beginner's Guide

PowerShell

PowerShell - One Tool to Rule Them All

How to Handle Breach Incidents Involving Personal Information

How to Handle Breach Incidents Involving Personal Information

Firewalls

Firewalls - Rules to Rule the Rules

The Worth of Information Security in Everyday Life

The Worth of Information Security in Everyday Life

Android Permissions

Android Permissions – A Top-500 Analysis 2014

A Look Fifteen Minutes into the Future

A Look Fifteen Minutes into the Future

Security of Unified Communications using Microsoft Lync as an Example

Security of Unified Communications using Microsoft Lync as an Example

Windows 8 Baseline Skeleton

Windows 8 Baseline Skeleton

On the Use of Security Concepts

On the Use of Security Concepts

Securing Logs in Motion

Securing Logs in Motion

Vulnerability Disclosure

Vulnerability Disclosure: Revisited

Security Enhanced Linux

Security Enhanced Linux

They Are Watching

They Are Watching

Year 2013

23 Articles

scip IT Security Forecast 2014

scip IT Security Forecast 2014

2013

2013: A Year in Review by scip AG

HP TippingPoint

HP TippingPoint – Analysis of the Protection Filters

When Your TV Watches You

When Your TV Watches You

iOS7

iOS7 - The Seven Best New Features (apart from the graphics)

Secure Mobile Data

Secure Mobile Data

Actions and Processes in Case of a Virus

Actions and Processes in Case of a Virus

OpSec on the Silk Road

OpSec on the Silk Road: Learning from Pirates

Virtual Switch Security

Virtual Switch Security - An Overview

Safer Log Files

Safer Log Files

The Broken Record

The Broken Record: Talking to Business

An Open Letter to iOS/Android App Developers

An Open Letter to iOS/Android App Developers

Nmap NSE Vulscan 1.0 Released

Nmap NSE Vulscan 1.0 Released

Benchmark a Firewall Rulebase

Benchmark a Firewall Rulebase

Are we even moving?

Are we even moving?

Overview of Microsoft's security toolkit EMET

Overview of Microsoft's security toolkit EMET

Timing of Efficient and Undiscovered Portscans

Timing of Efficient and Undiscovered Portscans

Interpreting a Logfile with Grok

Interpreting a Logfile with Grok

Your Infosec Job is not a Movie

Your Infosec Job is not a Movie

Blackhat Europe 2013

Blackhat Europe 2013 – A Hasty Preview

Virtual Environment Security Baseline Recommendations

Virtual Environment Security Baseline Recommendations

Counting the FW1 Logfile

Counting the FW1 Logfile

Critical Third Party Applications

Critical Third Party Applications: Risk and Handling

Year 2012

9 Articles

NAXSI Open-Source WAF

NAXSI Open-Source WAF

Security Log, Part 2

Security Log, Part 2: Requirements, Costs and Tools

Security Log, Part 1

Security Log, Part 1: Experience with Log Management

Windows 7 Stripping & Hardening, Part 3

Windows 7 Stripping & Hardening, Part 3: Keep it Safe

Mac OS X Memory Analysis

Mac OS X Memory Analysis: An Overview

Windows 7 Stripping & Hardening, Part 2

Windows 7 Stripping & Hardening, Part 2

Opinion: Flamer/sKyWIper

Opinion: Flamer/sKyWIper – Facts & Myths in 5 Minutes

Windows 7 Stripping & Hardening, Part 1

Windows 7 Stripping & Hardening, Part 1: OS Tools

Structuring the Rule Name in Checkpoint Firewall

Structuring the Rule Name in Checkpoint Firewall

Year 2011

2 Articles

Open-Source and its Effects on Security

Open-Source and its Effects on Security

Basic RFID Security

Basic RFID Security

You want more?

Do you have any questions?

Our experts will get in contact with you!

×

Stay informed

Subscribe to our monthly security summary