Year 2026
1 Articles
Chaos Communication Congress 39C3 - Power Cycles
Year 2025
13 Articles
scip Cybersecurity Forecast - Predictions for 2026
Vulnerability Management
Legacy Technology - Forgotten Systems, Hidden Risks
Burp Suite Extensions
Knowledge creates power - dialogue creates trust
Research meets defense - offense meets responsibility.
C2 Architecture - Pull the Strings, Run the Show
10 Years of Rapid Security Assessments
Analyzing Threema Messages on iOS
Facial Recognition Injection Attacks - An Overview
Hidden data trade
Chaos Communication Congress 38C3 - Illegal Instructions
AI in the office: Curse or Blessing?
Year 2024
28 Articles
scip Cybersecurity Forecast - Predictions for 2025
I want a "Red Teaming" - Why terminology matters
Human and AI - A Matter of Trust
Vehicle forensics
Isn’t business continuity part of security?
Trapped in the net
Privacy Enhancing Technologies - An introduction
How I started my InfoSec Journey - and how you can do it too
Area41 2024 - A Recap
Prompt Injection - A Deep Dive
How to secure your online accounts
Microsoft Cloud Access Tokens
Enhancing Data Understanding - Conversations with Your Logs
Brain before post
Dynamic Analysis of Android Apps - An Introduction to Frida
Security Testing - From Hypothesis to Experiment
Active Directory certificate services
Foreign Entra Workload Identities: A Security Boundary Risk?
Active Directory certificate services
Specific Criticism of CVSS4 - What is not going to be better
The new NIST Cybersecurity Framework - What has changed?
Ways of attacking Generative AI
iOS Mobile Application Testing - An Introduction
Reporting and Documenting - Unpopular and Yet So Important
Transition to OpenSearch
From crisis to opportunity - learning from mistakes
Burp Bambdas & BChecks - Innovations in recent months
Cyber threats under geopolitical factors
Year 2023
40 Articles
scip Cybersecurity Forecast - Predictions for 2024
Credential Tiering - Implementing Tier 0
Disk Cloning - How to create a clone of a hard drive
Open Source Intelligence Investigation
Software-Defined Networking - Thoughts on Security
Flipper Zero WiFi Devboard - Customize and compile firmware
Introduction of CVSS v4.0 - More Effort Than Benefit?
Human and AI Art
Voice Authentication - Risks of the Biometric Approach
XML Injection - Attack possibilities and countermeasures
Credential Tiering - An Overview
The BIOS - History and Hardening Options
Chatbot-Scams - Stealing personal information
Bug Bounty - Challenge for Companies
Graylog v5 - Using Sigma Rules
Rogue Device - Remote Control and Data Encryption
Conversational Commerce: The rise of artificial sales agents
Denial of Service Attacks - A summary
Burp Macros - How to use them correctly
Hardware-Keylogger - Behind the Keyboard
IT forensics - Analysis of Videos
IT forensics - Analysis of Images and Documents
auditd - Configure for Compliance
Breach and Leak - Guilt and Atonement of Affected Companies
Windows LAPS - Local Admin Password Management Revised
ChatGPT & Co.
System Log Monitoring - A Useful Minimal Solution
WebSocket Fuzzing - Development of a Fuzzer
Outsmarting the Watchdog
Security Frameworks - Our Experience
Modern Chatbots - Advanced Dangers and Risks
TEDxBoston Countdown to AGI - Insights from the event
Autonomous Weapon Systems - Existential Threat?
Flipper Zero - Attack on the use of Wireless Peripherals
Microsoft Intune - Impact on Defender Configuration Analysis
Data Transfer with SSID - An Experiment
About M3gan
Prototype Pollution - A JavaScript Attack Technique
Hidden Dangers of Phishing Attacks - Don't Get Hooked
OpenAI ChatGPT - Our New Playmate
Year 2022
39 Articles
scip Cybersecurity Forecast - Predictions for 2023
Bitcoin Lightning Network - Future of payments?
Vagrant - A Burp Suite VM To Go, Please
Flipper Zero - What Can the Little Hacking Tamagotchi Do
Network Time Security - Securing NTP Against MITM Attacks
Trust Paradox
Windows Installer Security - A Look at MSI Files
Browser-Powered Request Smuggling
Microsoft Cloud Security
Russia-Ukraine conflict
Lattice-Based Cryptography
OAuth 2.0 Flows
Executable Categorization
Web Proxy with Kerberos - A Basic Configuration Guide
Conversational AI - More than Just a Tool?
Analysis of Mobile Apps - An Introduction
Multi-Party Computation - The Productive Side of Security
Home Automation - The Way to a Fully Automated House
Without Yesterday, No Tomorrow
HTTP/2 Request Smuggling - An Introduction
Attack Path Analysis - Gain Advantage over Adversaries
Data Theft - Gap in the Swiss Criminal Code?
Vulnerability of Humans and Machines - A Paradigm Shift
RSA Versus Quantum
Web Cache Poisoning - Not only a Theoretical Attack
USB Armory Drive - Portable Mass Storage Encryption
Forced Authentication
nmapAutomator - Helper script for using nmap
Information Security Risk Management - A Hands-on Approach
Request Smuggling - Description and Procedure for Testing
Honeytokens - Playing Minesweeper with Adversaries
Cyber War - How Technology wins Wars
Cyber-Terrorism - A Danger for Switzerland?
Network Provider - Sneaky alternative to extract credentials
Increase Security in the Home Network - An Overview
Seccomp-bpf - Use Syscalls Filters to Contain Containers
Monero - Privacy Features Overview
OWASP Maryam - Iintroduction to the OSINT tool
Human and Machine Agency - Power to Whom
Year 2021
40 Articles
scip Cybersecurity Forecast – Predictions for 2022
Sealing of Evidence in Criminal Proceedings
Attacks via Peripheral Devices
Reverse Engineering
Sandboxing Containers - Run Untrusted Code in a Container
Artificial Intelligence - No Trust, no Use?
Attacks against Miracast
OTPs as Second Factor - Strengths and Weaknesses
JWT Issues - Using JWTs as Session Tokens
CIS Controls - What is new in version 8
Ransomware Detection, Defense, and Analysis
Trustworthy AI - Can Laws build Trust in AI?
Farewell NTLM - It is time to disable NTLM
The Secure Use of IoT Protocols - An Introduction
SQLite forensic's notes - Make sure Delete is Delete
SSLv3 Attacks - Padding Oracle Basics
FONES Minimum Standard
Passwordless Authentication - An Introduction
Data Markets - Collecting and Analyzing Passwords
Transport Layer Security - What is New
Diversify AI - Switzerland wants more Diversity in AI
ContainerKitty - Automated scanning of container images
Programming Language Go
Microsoft365DSC
Third-Party Cookies
OWASP Core Rule Set - An overview for reviews
Anthropomorphism - Why we see the human in nonhuman agents
Data Leakage Prevention - Tilting at Windmills
Password Leak Analysis - Extensive Analysis of Passwords
WebSockets - Attack Techniques and Protection Measures
Online Tracking - How does Tracking on the Internet work?
Deepfake Audio Text to Speech - An Introduction
Qubes OS - Usability in Windows Environments
totemomail - An Auditor's Perspective
AI and Leadership - Stop or Go?
Webscraping with Powershell - An Introduction
MITRE ATT&CK - Flaws of the Standardization
HardeningKitty Score
Office 365 Teams Security
Web-Shells - An Overview
Year 2020
42 Articles
scip Cybersecurity Forecast – Predictions for 2021
IT Security Tips - How to be Safe Online
HTTP Response Header
Crypto Malware - An Increasing Threat?
TIBER-EU Framework - Threat intelligence-based Red Teaming
Trust and AI - Three Wrong Questions
Data Encryption in the Cloud
Cyber Threat Intelligence - Early Anticipation of Attacks
HardeningKitty
Phishing Protection - SPF, DKIM, DMARC
GraphQL - Attack possibilities and countermeasures
KleptoKitty - Deploying Payloads and Collecting Credentials
SAML 2.0, OpenID Connect, OAuth 2.0
Speaking versus typing
Traffic Analysis with Windows Built-In Tools
Voice User Interfaces - Prototyping with Voiceflow
Preparing Offers
3D Printing - Downloading Weapons from the Internet
Logging - Using Timeseries Database
1080p? 4K? UHD? HDR? - An overview in the display jungle
Voice User Interface Design - An Overview of Brand Personas
Server-Side-Request-Forgery
Linux Hardening - Eat Your Own Dog Food
Voice User Interface Strategy
Linux Bind Shell in Assembly - A Walkthrough
Cisco WebEx Online Meeting Security
PAS - The Perfect Automation Schema: Influencing Trust
Contact Tracing App DP3T
Attack Surface Reduction Rules
Microsoft Teams Security - Securing Your Virtual Meetings
Zoom Security - Securing your virtual Meetings
Vulnerability Scanning Data
SANS SEC503 Intrusion Detection In-Depth
Severities and Risks - Relations and Differences
Policy Analyzer
AI & Trust - Stop asking how to increase trust in AI
Social Engineering
IT Security Policies - What We Expect From You
Hacking Artificial Intelligence
Detecting PPL Manipulation?
Standard Data Protection Model of the German Data Protection Agencies
The Difficulties of Cyber Insurance
Year 2019
40 Articles
scip Cybersecurity Forecast – Predictions for 2020
Security Automation - Opportunities and Risks
An Interdisciplinary Approach to Artificial Intelligence Testing
Local Security Authority – Keeping Secrets Safe
Challenges accompanying the daily routine
Zero Trust Model - Never trust, always verify
Web Application Penetration Testing: An Introduction
The FONES Minimum Standard for improving ICT resilience
iPhone Siri Self-Reference Exploiting
Killer Robots
Kernel-mode code signing - A beginner's guide
SQL Injection - A Summary of the Possibilities
Raspberry Pi Remote Access
Phishing - A Never-Ending Story
Symmetric Encryption – An Introduction
Top Banking Trojans
Web Services as a Data Source in Splunk - A How-To Guide
Artificial Intelligence - Is it worth the risk?
Monitoring - Detecting Attacks with MITRE ATT&CK
Infosec Summer Reading List - 2019 Edition
Smart Homes - Possibilities and Risiks
Deepfakes Analysis - Impact of Calculation Time
Augmented Reality and Artificial Intelligence
The signed JSON Web Token
Integrating the Cloud into Security
eBPF - A First Look
Data Breach Databases - Lot of Incidents, just few Data
Security Operations Center - Prerequisite and Requirements
Good AI, Bad AI
HSTS Preload as an Attack Vector
OWASP ASVS Version 4
CIS CSAT - IT Security Assessment Tool
Deepfakes Analysis
Social Engineering – Spotlight on LinkedIn
HTTP Strict Transport Security
Bypassing NAC - A handy How-to Guide
Graylog V3 - A long awaited Version
AI Stays True unto Us - In Good and Bad Times
Smart Buildings and Smart Homes
Incident Response Playbooks
Year 2018
42 Articles
scip Cybersecurity Forecast – Predictions for 2019
Security Predictions - Dumb or Priceless? A closer look
Bash - How to use in Linux Command Injection
Deepfakes Analysis - Amount of Images, Lighting and Angles
Asset Inventories – Making them sexy
Internet of Things - Security in an IoT Solution
Image, Compliance, and Resistance - In the AI Context
Let's talk about Sextortion - Discussing the uprising Scheme
Artificial Intelligence Testing
Kerberoasting - Stealing Service Account Credentials
Deepfakes - An Introduction
Privileged Windows Accounts
Libero.it Password Leak - An Analysis In-Depth
eSports - Professional Cheating in Computer Games
On Trust in AI - A Systemic Approach
DEF CON 26 - Hackers invade Las Vegas
The Sequel of HTTP Headers - Advanced Security Capabilities
Blind XPath Injection – Approach for Unknown Data Sets
Sending Windows Firewall Logs to Graylog
macOS from the Terminal - Your System Security at a Glance
Consciousness and Artificial Intelligence
Area41 - Hackers in Zurich
Medical Robots and Safety
Area41 Workshop – A Look Behind the Scenes
Specialized Search Engines
Cloud Storage - Configuration Vulnerabilities
GDPR - An IT Security Perspective
Excel Forensics - Detecting Activities without Track Changes
WebAuthn - The Future of Web Authentication
Human Cognition and Artificial Intelligence
Facebook - The Social Network and Privacy
Car Hacking - Analysis of the Mercedes Connected Vehicle API
Shares – The Gateway to Domains
Security Log Standard - Still an Open Question
Response Header Hardening
Network Access Control
Psychology of Artificial Intelligence
More Data, More Responsbility - Analysing the Strava Heatmap
Graphical User Interface Security
DNS RPZ - Blocking and Changing Names
Microsoft Antimalware Scan Interface
Artificial Intelligence - A Model for Humanity
Year 2017
40 Articles
scip Cybersecurity Forecast – Predictions for 2018
DOM based Cross Site Scripting
Domain Name System – Introduction to Potential Attacks
Cyber insurance – benefits and uses
Information Security - Three things you need to hear
Securing Email of your own Domain - SPF, DKIM and DMARC
BloodHound - Sniffing out domain admins
Docker - Continuous Build Security Assessment with Anchore
Security Testing - Options for Lateral Entry
Malware Development
Cross-site request forgery - Is CSRF dead?
In Defense of FaceID - The New Authentication of iOS
Artificial Intelligence
A Little Helper – The PHP Command Shell
Firejail - A Human Tool to Control Software
Penetration Tester - How to Define
Public Network-Level Discovery - Using Whois and DNS Probing
Data Loss Prevention – Are you blocking yet?
Local Administrator Password Solution
Personal Digital Assistants - The Future of Ubiquitous AI
HackRF One Sweep Mode - A quick Introduction
Anti-fraud in online services
Aspects of cybercrime
Ransomware - Should you pay up?
Bluetooth Low Energy - Pairing, GATT and More
The Shadow Brokers - The story so far
Docker - Continuous Build Security Assessment
Cybersecurity - Quo Vadis?
Security Development Lifecycle
Corporate, IT and Security Governance - The Basics
Securing Twitter
Bluetooth - Low Energy and High Visibility
Invoke-Mimikatz – Seven in One Go
Logging with Graylog - A Technical Review
Rapid Risk Assessment
Exploit Market Forecasts – A Glimpse into the Future
European General Data Protection Regulation
Countermeasures in Penetration Testing - And now?
Password Security
Razor Code – Don't Cut Yourself
Year 2016
41 Articles
scip Cybersecurity Forecast – Predictions for 2017
Windows 10 Client Hardening
Secure Processing with SGX - Tackling Risks in the Cloud
Using the NIST CSF for a Rapid Security Assessment
Merger & acquisition processes – the security perspective
XSS is still my name
Future of information security - It needs to grow up
Credential and Device Guard – Is the tide turning?
Exploit pricing
Containing Containers - Advantages and Risks
High-Secure Portable Storage - Part 2: InterLock on Armory
Security Boards – structure, function and use
Healthy Paranoia - Simple Protection for End-User
Email Accounts - Powerful Skeleton Keys
Content Security Policy – How hard can it be?
High-Secure Portable Storage - Part 1
Logging the Internet of Things
CVSSv3 as a risk metric – a detailed view
Cyber Security – Addressing Highly Dynamic Risks
Checklists or Scenarios – That is the Question
Blockchain is the future
RIPv6 - fail2ban failed to ban
Analysis of medical devices - A pragmatic approach
Software Without Brakes
Implementing a Qubes OS productive laptop
Securing Outdated or Unsupported Systems
mHealth - Mobile Opportunities
eHealth - electronic health care services
Cross-Site Script Inclusion
PowerShell Monitoring - Regain Control
Big Data, Artificial Intelligence & the Internet of Things
HTTPS Bicycle Attack - An Overview
Data Centric Security using DRM infrastructure
DRM/RMS – The next generation of rights management
Belkin WeMo Switch Communications Analysis
Approach to Testing IoT Devices
Not Only Terrorists Have Something to Hide
Background to the Labs Book
Inglorious Headers
Darknet - A Look at the Virtual Black Market
OPSEC - History and Basics
Year 2015
50 Articles
scip IT Security Forecast 2016
Big Brother or: How I stopped Worrying and Love Encryption
Release of Burp Extension DetectDynamicJS
Ransomware 101 - CryptoLocker and CryptoWall
Facebook's Ears - Threats by Audio Discovery
Drones - The Next Generation of Information Warfare
Hackers - 20 Years of Awesome
The Future: Personal Assistants
RFID with RFIDler
Peeple: Social Media Without Profile
Healthy Paranoia - Goodbye, Passwords!
Twelve Simple Security Tricks
Mobile Technology in Corporate Environments
Securing out-of-band Remote Support (Part 2 of 2)
Risks in iBeacon
Public Shaming and the Case Ashley Madison
Statistical Analysis of the Ashley Madison Hack
Metadata Revisited
A First Analysis of the AshleyMadison.com Leak
The Internet and the Things
Offensive PowerShell - Introduction to PowerTools
The SBB Swiss Pass - New Technology, New Risks
Preventing Reputational Damage by Media
SAP and Principle of Least Privilege
Summary of Protection Aspects of Client Identifying Data
Correct Authentication for Mobile Apps
Hack in Paris 2015 - A Short Review
Securing out-of-band Remote Support (Part 1 of 2)
What You Need to Know About Duqu 2.0
Reputational Damage to Media Corporations After a Hack
Logging Shell User Activity
Apple Watch - A First Commentary
Healthy Paranoia - Buckle Up!
SwiNOG #28 - A Short Review
A Story About Blocking PowerShell
Thought About Cross Border and Associated Subjects
Detection of Firewalling to Professionalize Attacks
Securing Your Home Fences
Hacker Fashion - A Not Quite Serious Test
Hard Disk Encryption Tool: Startech Enclosure
A Case for Net Neutrality
Misusing TCP Timestamps
So Long, and Thanks for All the Superfish
Kerberos under Attack
The Hunt for the Safe Public WiFi
Some Thoughts about Privileged Identity Management and Privileged Account Management
Wearables in Application
Data Fence - A Nice and Small MacOS X Security Audit Tool
Audit in a OS X System
Wardialing Revisited - A Call with Consequences
Year 2014
48 Articles
31C3 - A New Dawn
scip IT Security Forecast 2015
scip InfoCenter for Google Chrome available
Software Defined Radio - An Introduction
Burn Facebook 101 - How to Fabricate a Person
Transport Layer Security Done Right
Logical Fallacies when Assessing Risks
Collecting Windows Logs with NXlog
Designing filters for ELK
Bug Bounties - Getting that free Netscape Mug
Android Lab Based on Virtual Devices
How Data Correlation Works
Skype as a Security Risk
The Basics of DNSSEC
Organizational Aspects When Protecting Business Information and Records
UTM Solutions Evaluation in Virtual Environments
Hacker Summer Camp (2014 Edition)
File Integrity Checker Policy
Google Glass – A Snapshot
Kerberos Key Distribution Center Proxy Protocol
Wearables - A Look Ahead
Wearables - No Privacy for Your Biometry
Wearables - New Threats
Wearables - Technology on the Body
Wearables - New Freedom
Windows Passwords - A Well Known Secret?
Functionality Testing a IDS/IPS
The Value of IT General Controls within an Organization
Security Testing Using Virtual Environment Made Easy
Car Hacking - An Overview
Area41 - A Look Back
Security Conferences - A Waste of Time?
JSXBIN - Reversing the Binary File Type
Oh Twitter, Where Art Thou
Source Code Analysis - A Beginner's Guide
PowerShell - One Tool to Rule Them All
How to Handle Breach Incidents Involving Personal Information
Firewalls - Rules to Rule the Rules
The Worth of Information Security in Everyday Life
Android Permissions – A Top-500 Analysis 2014
A Look Fifteen Minutes into the Future
Security of Unified Communications using Microsoft Lync as an Example
Windows 8 Baseline Skeleton
On the Use of Security Concepts
Securing Logs in Motion
Vulnerability Disclosure: Revisited
Security Enhanced Linux
They Are Watching
Year 2013
23 Articles
scip IT Security Forecast 2014
2013: A Year in Review by scip AG
HP TippingPoint – Analysis of the Protection Filters
When Your TV Watches You
iOS7 - The Seven Best New Features (apart from the graphics)
Secure Mobile Data
Actions and Processes in Case of a Virus
OpSec on the Silk Road: Learning from Pirates
Virtual Switch Security - An Overview
Safer Log Files
The Broken Record: Talking to Business
An Open Letter to iOS/Android App Developers
Nmap NSE Vulscan 1.0 Released
Benchmark a Firewall Rulebase
Are we even moving?
Overview of Microsoft's security toolkit EMET
Timing of Efficient and Undiscovered Portscans
Interpreting a Logfile with Grok
Your Infosec Job is not a Movie
Blackhat Europe 2013 – A Hasty Preview
Virtual Environment Security Baseline Recommendations
Counting the FW1 Logfile
Critical Third Party Applications: Risk and Handling
Year 2012
9 Articles
NAXSI Open-Source WAF
Security Log, Part 2: Requirements, Costs and Tools
Security Log, Part 1: Experience with Log Management
Windows 7 Stripping & Hardening, Part 3: Keep it Safe
Mac OS X Memory Analysis: An Overview
Windows 7 Stripping & Hardening, Part 2
Opinion: Flamer/sKyWIper – Facts & Myths in 5 Minutes
Windows 7 Stripping & Hardening, Part 1: OS Tools
Structuring the Rule Name in Checkpoint Firewall
Year 2011
2 Articles
Open-Source and its Effects on Security
Basic RFID Security
Do you have any questions?
Our experts will get in contact with you!
×