usd AG

@[email protected]
94 Followers
9 Following
72 Posts

We protect companies against hackers and criminals. #moresecurity is our mission.

Imprint: http://usd.de/en/imprint
Privacy protection: http://usd.de/en/privacy-protection

Websitehttps://www.usd.de/en/
Security Advisorieshttps://herolab.usd.de/en/security-advisories/
Events (German)https://www.usd.de/cst-academy/events/
usd AGMay 9, 2025

We have found an interesting vulnerability in a #Matrix #Android client:

🧩 Software: #Element X Android
πŸ“¦ Affected Version: <= 25.04.1
πŸ†” CVE: CVE-2025-27599
πŸ“Š CVSSv3.1: MEDIUM
⚠️ Prerequisites: Clicking on a crafted hyperlink or using a malicious app

Since Element X Android usually has the permission to access camera and microphone, this can be used to record audio and video from the victim. Pretty bad! 😨

πŸ”— Read more: https://herolab.usd.de/security-advisories/usd-2025-0010/

#InfoSec #CyberSecurity #Pentesting #Hacking #CVE_2025_27599 #SpyWare #Phishing

usd-2025-0010 - Element X Android - usd HeroLab

Advisory ID: usd-2025-0010 | Product: Element X Android | Vulnerability Type: Improper Export of Android Application Components (CWE-926)

usd HeroLab
Show threadusd AGSep 13, 2024

UTF-8 is a variable-length encoding system, meaning that the representations of different Unicode characters are of different lengths.

Common characters from the ASCII range use a single byte, while characters outside this range use multiple bytes (up to four).

Let's take the letter a as an example. It's Unicode code point is U+0061, which happens to be identical to its ASCII code 0x61, or in binary: 01100001

By adding leading zeros, we can expand this to 11 bits: 000 0110 0001. Code points of 8 to 11 bits are encoded with two bytes in UTF-8.

To indicate the use of a two-byte sequence, the first byte starts with the bits 110 and the second byte starts with 10.

usd AGSep 13, 2024

Did you know that apparently completely different strings are interpreted as identical by some tools?

This is due to redundant UTF-8 encodings of the same Unicode characters.

Read more below 🧡

#InfoSec #CyberSecurity #Hacking #Pentesting #UTF #Unicode

usd AGNov 30, 2023

#CantWait 😻 Tomorrow is #usdHackingNight again! Until tonight you still have the chance to register and take part. Go to the registration page, get set, go!

#SignUpNow: https://www.usd.de/cst-academy/events/usd-hacking-night/

usd AGNov 28, 2023

Vulnerabilities in #webapps, #standardsoftware and #crypto in 6 machines await you on Friday at #usdHackingNight. Can you root them all?

#SignUpNow: https://www.usd.de/cst-academy/events/usd-hacking-night/

usd AGNov 16, 2023

Hey hackers! Are you aware that there are only 15 days left until #usdHackingNight? This is your chance to show off your skills and compete with others.

#SignUpNow: https://www.usd.de/cst-academy/events/usd-hacking-night/

usd AGNov 1, 2023

The #countdown to #usdHackingNight is on. Be there when it's once again: On the tokens, ready, steady, go!

#Signupnow: https://usd.de/cst-academy/events/usd-hacking-night/

usd AGAug 24, 2023

Understanding a Hacker's Mind. who doesn't wish for it? Our usd AG Advanced Seminar makes it possible. Only if you know and understand the relevant #threats in IT environments, you can take effective countermeasures. Experienced security analysts from the #usdHeroLab will use theory and a lot of practice to show you the intentions and methods of a #hacker and how to protect your #systems in the best possible way.

Due to the great interest in the 1st half of the year, we are offering another date of the two-day attendance seminar in September.
πŸ‘‰β€‹https://www.usd.de/cst-academy/events/usd-seminar-understanding-hackers-mind/

#UnderstandingAHackersMind #CSTAcademy #moresecurity

usd AGAug 14, 2023

Our #HeroesOnTour are sending greetings from #LasVegas. Nicolas, Florian and Matthias presented our #pentesting #tools #FlowMate, #SNCScan and #CSTC to the global #HackerCommunity at #BlackHat and @defcon For those who couldn't join us live and want to learn more about the tools πŸ’‘ check out the GitHub repositories here πŸ‘‡β€‹πŸ‘¨β€πŸ’»

πŸ“’β€‹https://github.com/usdAG/FlowMate
πŸ“’ https://github.com/usdAG/sncscan
πŸ“’β€‹ https://github.com/usdAG/cstc

#moresecurity #usdHeroLab

GitHub - usdAG/FlowMate: FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses.

FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses. - usdAG/FlowMate

GitHub
usd AGJul 28, 2023

To counteract the increasing complexity of #hacker attacks, high-quality #pentests are essential. This is best achieved when the knowledge and instinct of #pentest professionals are complemented by suitable #tools. πŸ› οΈβ€‹

That's why our extensive experience with #TechnicalSecurityAnalyses is continuously contributes to the development of helpful tools. As a result, we proudly present our in-house developments #FlowMate, #SNCScan and #CSTC to the global #SecurityCommunity at #BlackHat and @support. We are proud to provide international security experts with tools for #moresecurity

Our Colleagues Matthias GΓΆhring, Nicolas Schickert and Florian Haag are fine-tuning the very last details before heading to #LasVegas next week. We wish our Heroes great presentations and keep our fingers crossed!πŸ€žβ€‹

#CyberSecurity #Innovation #ExcitedToPresent #usdHeroLab