What We Do

Fill 4

ERNW Universe

ERNW Insinuator

Our company blog is the main source for research and insights created at ERNW, reflections on the information security world, and practical security advice resulting from assessment and consulting projects.

ERNW Research

Our first spin-off focuses on research work of all kinds, which can comprise publicly funded projects, cooperation with universities or fellow researchers, and the supervision and support of ERNW-internal research or methodology-focused projects.

ERNW Insight

Following our belief that knowledge must be shared, ERNW Insight focuses on finding and developing the best ways to make ERNW knowledge accessible to all (e.g. by hosting ERNW’s TROOPERS conference).

ERNW SecTools

The youngest member of the ERNW family broadens the ERNW portfolio by developing IT security related software as measured by our own high standards.

Services

  • service-assessment

    Assessment

    We provide assessment services such as penetration testing, audits, red teaming, and (closed-source) product evaluations. While we have developed many defined testing methodologies for different technologies, we mainly focus on highly technical and individual assessments. Examples for specialized assessment expertise comprise IoT/embedded/industrial/medical devices, cloud/virtualization/hosting platforms, Microsoft & Active Directory environments, or network/security appliances.

  • service-consulting

    Consulting

    Using the insight from (offensive) assessment projects, we also support our customers during design, implementation, and approval of their IT landscapes by offering design/concept/process reviews, security concept development, risk assessments, product evaluation, or network (security) design.

  • service-forensic

    Digital Forensics & Incident Analysis/Response

    We support our customers in implementing incident response processes/preparation as well as in analyzing occurred or suspected incidents. Following common incident response process models, we offer the development of incident preparation plans, immediate and on-site incident response and malware analysis, as well as the compilation of technical forensic reports.

  • service-training

    Training & Knowledge Transfer

    We offer training and knowledge transfer for most areas of IT security. The types of trainings range from video content over on-site trainings to gamified IT security challenges. Specific training offers as well as complete events like our TROOPERS conference can be found on the ERNW Insight pages.

  • service-research

    Research

    Following our knowledge-driven company culture, we offer research services to work on both scientific and pragmatic problems in the IT security space. Past funded research activities focused on Security Awareness, Digital Forensics, Reverse Engineering & Vulnerability Analysis, and telecommunications security. Future activities are coordinated by ERNW Research.

  • service-software

    Security Software

    The experience from operative projects resulted in the identification of product gaps in the IT security space. Acting on the ERNW claim to “Make the world a safer place”, ERNW SecTools focuses on the task to deliver security software to the market – where we see the use of a product resulting in security benefit.

  • service-operations

    Secure IT Operations

    The secure operation of IT systems can be a very specialized task requiring expert knowledge. We are offering the operation of both IT services in a secure way as well as the (secure) operation of IT security services (such as [Web] Application Firewalls, IDPS, or SIEM systems).

Latest Insinuator blog posts

May 06, 2021

Analysis of HSTS Caches of Different Browsers

The Reason I recently stumbled upon a strange behavior in my Firefox: I visited an HTTPS-enabled website that I had visited before and saw that my Firefox connected insecurely via HTTP. I found that strange because nowadays, most websites set the HSTS header, which is supposed to force the browser to connect via HTTPS. I […]

Read more

May 04, 2021

Attack llvmpipe Graphics Driver from Chromium

In this post, we are discussing a bug we came across in Mesas llvmpipe Gallium3D graphics driver. This bug was accessible through Chromium’s WebGL implementation and can provide control of the program counter (pc) within Chromium’s GPU process if llvmpipe is used. Llvmpipe is a software rasterizer that is used on Linux if no hardware […]

Read more

May 04, 2021

DogWhisperer’s SharpHound Cheat Sheet

BloodHound data collection, aka Sharphound, is quite a complex beast. When giving BloodHound workshops, the part where I get the most questions is always data collection. How is the BloodHound data collected? What methods do what? Who am I talking to? How do I fly under the radar?

Read more

May 03, 2021

BSI veröffentlicht Hardening Guide, Protokollierungs-Empfehlung und zugehörige GPOs für Windows 10 im Rahmen der SiSyPHuS-Studie

Wir freuen uns, dass das Bundesamt für Sicherheit in der Informationstechnik (BSI) im Rahmen des gemeinsam mit ERNW durchgeführten SiSyPHuS Win10-Projekts (Studie zu Systemintegrität, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10) heute (ca. 10 Uhr) die nächsten drei Arbeitspakete veröffentlicht: Empfehlung zur Härtung von Windows 10 mit Bordmitteln Empfehlung zur Konfiguration der Protokollierung in Windows […]

Read more

April 23, 2021

Of Corona, Buggy Audio Drivers and Industrial Espionage

The Situation Last year, the CISO of a customer sent me a laptop for analysis. The reason was that he feared the company could have been victim of industrial espionage. Starting in spring 2020, the IT help desk got several employee laptops with full hard drives, caused by a huge amount of audio recordings. The […]

Read more
More on More articles on our company blog