• Trovebox - Authentication Bypass, SQLi, SSRF

    Trovebox, a photo sharing and management application, is prone to several critical vulnerabilities. Exploiting is trivial and it is recommended to update to the fixed version from Github.

    Continue Reading →

  • Potherder: a Honeypot Story

    It’s been seven years now that I started to contribute to the setup of Deutsche Telekom’s Early Warning System which is running multiple honeypots all over the globe and I would like to share my personal view on the history of the project, its internal goals and its achievements.

    I still remember the first group meeting with my department in November 2010. It was my third day at the new employment in the team “Security of Office and Portals” and I happened to start my new career path all dressed up, because I thought this was the way to go in a large corporation. Turns out I was wrong about this, some people were more technical than I initially thought and it took some time to lose the first impression I made wearing a suit…

    Continue Reading →

  • T-Pot Version 17.10 released

    In October 2016 we released T-Pot 16.10

    Continue Reading →

  • Opensourcing our Honeypot Backend (well, parts of it)

    The last years we have consistently supported the community by releasing new versions of our multi honeypot platform called T-Pot. This November we are proud to release a new version of T-Pot with exciting new features and …

    something more.

    Continue Reading →

  • Kaltura Video Platform - Pre-Auth Remote Code Execution (and XSS)

    During an interal pentest several critical vulnerabilities could be identified in the latest version of Kaltura Community and Enterprise. The vulnerabilities were fixed in the latest release 13.2.0.

    Update: A proof of concept exploit can be found here.

    Continue Reading →

  • T-Pot Version 16.10 released

    In March 2016 we released T-Pot 16.03 and the positive feedback encouraged us to continue development and share all the improvements with the community and are proud to present to you …

    Continue Reading →

  • T-Pot Version 16.03 released

    Last year we released T-Pot 15.03 as open source and we received lots of positive feedback and naturally feature requests which encouraged us to continue development and share our work as open source and are proud to present to you …

    Continue Reading →

  • Manual Docker Update for T-Pot (docker-engine 1.10)

    Yesterday Docker released version 1.10 (http://blog.docker.com/2016/02/docker-1-10/). While this release will improve on security and bring lots of useful features the automatic upgrade within T-Pot (http://dtag-dev-sec.github.io/feature/2015/10/23/updated-docker.html) will hang.

    Continue Reading →