SySS Tech Blog

Hacking your Softphone with a malicious Call

Abstract: Softphones are becoming increasingly popular and offer an alternative to desk phones, not least due to the increasing use of the mobile office. Based on this fact, SySS IT security expert...

Multiple vulnerabilities in MIK.starlight Server (SYSS-2021-035, SYSS-2021-036, SYSS-2021-037, SYSS-2021-038, SYSS-2021-039)

During a penetration test project, SySS IT security consultant Nicola Staller identified multiple issues in the MIK.starlight Server.

Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation

Understanding an application’s network communication is commonly one of the major tasks when performing grey or black box application security analyses. To make this process as efficient and conven...

Attacking Anti-Phishing Banners in E-Mails

Abstract: Phishing mails pose a risk to e-mail users nearly every day. Especially in the context of companies and organizations, phishing e-mails represent ...

On the Security of RFID-based TOTP Hardware Tokens

Introduction: Time-based one-time passwords (TOTP) have been around for several years now and have become more and more widespread as an authentication factor in multi-factor authentication (MFA) methods. P...

To the Future and Back: Hacking a TOTP Hardware Token (SYSS-2021-007)

During a research project, SySS IT security expert Matthias Deeg found a security issue in the RFID-based TOTP hardware token Protectimus SLIM NFC.