In-depth IT security consulting

Joined September 2019
The other day, our colleague Oliver decided to play around with Syzkaller to fuzz the FreeBSD Kernel. He added some support for the Bluetooth stack and indeed found an OOB read. If you're interested, check our blog post here: secfault-security.com/blog/f…

We recently did some internal research and took a look at the JavaScript runtime Deno. We found a couple of interesting bypasses for their permission system. If you'd like to learn more, please feel free to check out our blogpost at secfault-security.com/blog/d….

We've taken (another) look at the OpenOlat learning management solution and found an XXE issue, which can be turned into an arbitrary file read and an SSRF problem. In case you're interested, make sure to read our blog post at secfault-security.com/blog/o…!

We recently decided to take a look at LibreOffice, and found an (almost) arbitrary file write issue, which is now public (CVE-2023-1183). If you're interested, check out secfault-security.com/blog/l… for details :)

Last year we did a number of projects for AgileBits, focusing on the 1Password ecosystem. The reports have now been made public, so in case you're interested to get an impression feel free to check secfault-security.com/blog/o….

Recently, @OldM4nHunting took a look at the Visual Studio App Center SDK for iOS and macOS and found an insecure object deserialization issue. Here's a write-up on her journey of identifying and exploiting the issue: secfault-security.com/blog/m….

As one of our internal research projects, we've recently taken a look at some self-powered wireless 433MHz light switches, particularly on reverse-engineering the used radio protocol and building a custom receiver. If you're interested, make sure to check secfault-security.com/blog/k….

We have recently conducted a review of the 1Password developer tools. Our report is now public, so please feel free to check it out: secfault-security.com/blog/o…

Some time ago, we had a look at the F*EX file exchange solution (fex.rus.uni-stuttgart.de/) and found a pre-auth RCE. We have now published a small write-up on this: secfault-security.com/blog/f…

Secfault Security GmbH retweeted
20 Jul 2020
I dived into iOS kernel exploitation recently and have written a kernel exploit for chain 3 of @i41nbeer blog post series from last August. Check out the post at the @secfaultsec blog :) secfault-security.com/blog/c… Feedback highly appreciated!

Our colleague @gr4yf0x did a research project on re-creating a custom iOS exploit. You can read about his adventures here secfault-security.com/blog/c… :)

Secfault Security GmbH retweeted
27 May 2020
All applications for the Pro-bono Pentests for COVID-19-related Apps & Software have been reviewed and the committee has chosen the winners. More info to follow soon 🙂
Secfault Security GmbH retweeted
11 May 2020
Today is the last day to apply for a FREE pentest on your application that helps fight COVID-19! Since the closure of schools requires good tools for educational learning, we would love to see last minute submissions from this field.
22 Apr 2020
X41 offers pro-bono pentests against COVID-19 related apps in a collaboration with the excellent firms @SecureLayer7, @cure53berlin, and @secfaultsec. Despite being very busy we want to give something back to the community. x41-dsec.de/security/news/wo…
We're proud to announce that together with our partners from @SecureLayer7, @cure53berlin and @X41Sec, we are offering pro-bono pentests for COVID-19 related apps/software: secfault-security.com/blog/P…

Secfault Security GmbH retweeted
#TalkAnnouncement Karsten König will be joining #CONFidence2020 with a talk about Exploiting Reference Counter Vulnerabilities Inside The FreeBSD Kernel ⚡️ 👇Check out the details of his talk and get your ticket here 👇 buff.ly/2IIVBOW
Secfault Security GmbH retweeted
Replying to @teh_gerg
Ah indeed, that’s another important point, especially in complex high risk projects. Particularly meaningful with all this microservice salad and abstraction layers.
Secfault Security GmbH retweeted
15 Feb 2020
Replying to @janmuenther
Well, it also provides an end-to-end view of a product at a certain stage, which can help identifying issues emerging from the interplay of its components. But that's another focus than the classical pentest before release idea.
Secfault Security GmbH retweeted
to be fair though, I still use in pen testing - as a wake up call for teams in denial, and as a verification of assumptions in a very dedicated, targeted fashion as @teh_gerg outlined. Ideally, you consider pen test targets when you conceptualize your mitigations.