Abstract During a security analysis of an enterprise communication infrastructure, IT security expert Moritz Abrell identified an “undocumented functionality” (backdoor) in the firmware of Mitel 6...
Hacking Some More Secure USB Flash Drives (Part I)
During a research project in the beginning of 2022, SySS IT security expert Matthias Deeg found several security vulnerabilities in different tested USB flash drives with AES hardware encryption.
Yet Another Local Privilege Escalation Attack via Razer Synapse Installer (CVE-2021-44226)
During a research project in fall 2021, SySS IT security expert Dr. Oliver Schwarz found a security vulnerability in the Razer Synapse installer for Windows which can be exploited in a local privil...
Abusing the MS Office protocol scheme
During a research project, SySS IT security consultant Matthias Zöllner found out that in a standard installation of Windows Office files can be opened directly via certain URLs. This article shows...
Extracting Secrets from LSA by Use of PowerShell
During a research project, SySS IT security consultant Sebastian Hölzle worked on the problem of parsing Local Security Authority (LSA) process memory dumps using PowerShell and here are his results.
Attacking Oracle Native Network Encryption (CVE-2021-2351)
During a research project, SySS IT security expert Moritz Bechler found several security issues concerning the proprietary security protocol Oracle Native Network Encryption.
Hacking your Softphone with a malicious Call
Abstract Softphones are becoming increasingly popular and offer an alternative to desk phones, not least due to the increasing use of the mobile office. Based on this fact, SySS IT security expert...
Multiple vulnerabilities in MIK.starlight Server (SYSS-2021-035, SYSS-2021-036, SYSS-2021-037, SYSS-2021-038, SYSS-2021-039)
During a penetration test project, SySS IT security consultant Nicola Staller identified multiple issues in the MIK.starlight Server.
Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation
Understanding an application’s network communication is commonly one of the major tasks when performing grey or black box application security analyses. To make this process as efficient and conven...
Attacking Anti-Phishing Banners in E-Mails
Abstract Anti-phishing warning in a HTML e-mail Phishing mails pose a risk to e-mail users nearly every day. Especially in the context of companies and organizations, phishing e-mails represent ...