usd AG4d ago

The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.

Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.

All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.

🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/

#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity

Security Advisories: Entra ID & Tenable Nessus Manager | usd AG

Our penetration testing professionals have identified critical vulnerabilities in Entra ID and Tenable Nessus Manager. Learn more.

more security. usd AG
usd AGJul 2, 2025

Unauthenticated RCE in Agorum Core Open!

During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.

They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.

📰👉 Detailed information on the published #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-on-agorum-core-open/

#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec

Security Advisories on Agorum Core Open | usd AG

Our colleagues discovered critical vulnerabilities in Agorum Core Open that could be exploited to compromise the entire system.

more security. usd AG
usd AGJun 17, 2025
🔍 Our professionals at the usd HeroLab have closely examined the software #Vtiger. They discovered two vulnerabiltiies that allow low-privileged authorized users to upload files and thereby execute arbitrary code.

👉 You can find more information in the full security advisories: https://www.usd.de/en/security-advisories-vtiger/

#SecurityAdvisories #Pentest #Pentesting #moresecurity
Security Advisories on Vtiger | usd AG

Read more about two identified vulnerabilities in the software Vtiger that allow low-privileged authorized users to upload files and execute arbitrary code.

more security. usd AG
Show threadusd AGMar 7, 2025

With the help of this utility we were able to identify all potentially interesting files and download those first to increase efficiency in our analysis. It's now also available on our company GitHub organization: https://github.com/usdAG/webtree.

🔔 Follow us for #moresecurity
🔁 Also, boost the first toot to spread the word!

Show threadusd AGFeb 28, 2025

As we highly support open source and the idea behind it, we'll investigate how to use this tool and ways to contribute to it in the future. Stay tuned for updates.

🔔 Follow us for #moresecurity
🔁 Also, boost the first toot to spread the word!

usd AGNov 13, 2024

Proud of our colleagues Tobias ans Nicolas who spoke at the German #OWASP Day!
https://chaos.social/@c3voc_releases/113476273411466531

#SAP #InfoSec #CyberSecurity #Pentesting #MoreSecurity

c3voc releases (@[email protected])

SAP from an Attacker's Perspective – Common Vulnerabilities and Pitfalls has been released on media.ccc.de #god2024 #OWASP #Saal1 https://media.ccc.de/v/god2024-56278-sap-from-an-attackers-pers

chaos.social
usd AGMay 22, 2024
Version 1.3.1 of the #CSTC was released on May 22! It contains lots of new features, improvements and contributions from the community. The CSTC will also be part of the BlackHat USA 2024 Arsenal Labs, looking forward to seeing you! #BHUSA #usdHeroLab #moresecurity https://github.com/usdAG/cstc
GitHub - usdAG/cstc: CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef - GitHub - usdAG/cstc: CSTC is a Burp Suite extension that allows request/response modif...

GitHub
Markus FeilnerApr 3, 2024

Ladies and Gentlemen! Here it comes, the

AIR-GAPPED CLOUD INFRASTRUCTURE

https://www.heise.de/news/Cloud-Anbieter-Ionos-ergattert-mit-Air-Gapping-Grossauftrag-der-Bundesverwaltung-9672441.html

#cloud #cyber #cybercyber #security #moresecurity #airgapped #hackerproof.

Großauftrag: Ionos soll Bundesverwaltung besonders sichere Cloud-Lösung liefern

Ionos soll eine Computer-Cloud für die Bundesverwaltung liefern. Im Fokus: maximale Datensicherheit. Der deutsche Cloud-Anbieter setzt dafür auf "Air Gapping".

heise online
usd AGMar 12, 2024

#Announcement: On Friday, our #usdHeroLab colleagues published a major release of our BurpSuite Plugin #FlowMate: https://github.com/usdAG/FlowMate/releases/tag/v1.1

During BlackHat USA 2023 and DEF CON 31, our colleagues received a lot of helpful feedback on their #tool: The new version 1.1 contains bug fixes and some new features. In our video, Florian Haag explains the advantages and possible use cases in the context of #WebApplication #Pentests: https://www.youtube.com/watch?v=BJhRhGmDATw

#CheckItOut #Security #Pentesting #Hacking #Tools #Community #moresecurity

Release FlowMate v1.1 · usdAG/FlowMate

Changelog After hard work we are proud to release our next major release of FlowMate! We put a lot of effort into integrating new features and fixing bugs along the way. The changelog below gives a...

GitHub
usd AGDec 13, 2023

Our #usdHeroLab #Pentest professionals analyzed #IBMQRadarSIEM during their pentests.
1⃣Vulnerability Type: Cross-site Scripting #CWE79
🚨Security Risk: Medium
🔎CVE number: CVE-2023-43057
👇More Details

🧐IBM QRadar SIEM is a security information and event management platform developed by IBM that provides advanced threat detection for its users. The vulnerability can be used to perform actions on behalf of other users.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇

https://herolab.usd.de/en/security-advisories/usd-2023-0032/