Tech Blog: State-of-the-art IT security know-how

Hacking your Softphone with a malicious Call

Abstract Softphones are becoming increasingly popular and offer an alternative to desk phones, not least due to the increasing use of the mobile office. Based on this fact, SySS IT security expert Moritz Abrell analyzed the security of two Session Initiation Protocol (SIP) softphones. During this analysis, three vulnerabilities were discovered which allow an unauthenticated remote attacker cr...

more ...

Multiple vulnerabilities in MIK.starlight Server (SYSS-2021-035, SYSS-2021-036, SYSS-2021-037, SYSS-2021-038, SYSS-2021-039)

During a penetration test project, SySS IT security consultant Nicola Staller identified multiple issues in the MIK.starlight Server.

more ...

Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation

Understanding an application’s network communication is commonly one of the major tasks when performing grey or black box application security analyses. To make this process as efficient and convenient as possible, we developed hallucinate, a dynamic binary instrumentation tool to inspect and manipulate application TLS traffic in clear-text form. SySS just released hallucinate as an open sourc...

more ...

Attacking Anti-Phishing Banners in E-Mails

Abstract Anti-phishing warning in a HTML e-mail Phishing mails pose a risk to e-mail users nearly every day. Especially in the context of companies and organizations, phishing e-mails represent a risk because internal networks can be accessed by phishing access data and sending malware.

more ...

On the Security of RFID-based TOTP Hardware Tokens

Introduction Time-based one-time passwords (TOTP) have been around for several years now and became more and more widespread as authentication factor in multi-factor authentication (MFA) methods. Protecting user accounts via two-factor authentication (2FA) using a static password and a TOTP is considered a good idea from a security standpoint and a best practice that can prevent different kinds...

more ...

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

GET IN TOUCH

+49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours

+49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number