Cybersecurity Wiki
In-depth articles on cybersecurity topics.
Identity & Access Management
Access Control models: DAC, MAC, RBAC, ABAC and Zero Trust
Access control is the fundamental security concept of any IT system. This article explains the four main models—Discretionary (DAC), Mandatory (MAC), Role-Based (RBAC), and Attribute-Based (ABAC)—their strengths and weaknesses, practical implementation examples in Active Directory, AWS IAM, and PostgreSQL, as well as the transition to zero-trust access control.
Offensive Security
Active Directory attacks
Active Directory (AD) is at the heart of nearly every Windows enterprise infrastructure—and thus a prime target for attacks. This article explains the most common AD attack techniques and how to protect yourself.
Windows Security
Active Directory Domain Controller: Architecture, hardening and attack vectors
The domain controller is the central authority in Active Directory environments. This article explains architecture, Kerberos, group policies, hardening measures, and attack vectors.
Application Security
API security: OWASP API Top 10, authentication, testing and best practices
Comprehensive Guide to API Security: OWASP API Security Top 10 (2023) Fully Explained with Code Examples, API Authentication (API Keys, JWT, OAuth 2.0, mTLS), testing methodologies for REST and GraphQL, tool usage (Burp Suite, Postman, jwt_tool, Nuclei), API discovery, and a security checklist for developers and penetration testers.
Endpoint Security
Application Allowlisting: Windows Defender Application Control and AppLocker
Application allowlisting (formerly known as whitelisting) allows only explicitly approved software to run, thereby fundamentally preventing malware from executing. This article explains WDAC (Windows Defender Application Control) and AppLocker: policy creation, rule types (hash, publisher, path), CI/CD integration, audit mode, bypass techniques, and migration strategies from a "deny-all" environment to a production environment.
Application Security
Application Security Testing (AST): SAST, DAST, IAST and SCA
Application security testing combines four complementary testing methods: SAST (static source code analysis), DAST (dynamic testing of running applications), IAST (internal instrumentation), and SCA (third-party library analysis). This article explains how each method works, its strengths and weaknesses, how to integrate them into CI/CD, and which tools are suitable for which use cases.
Security Operations
Attack surface management: Knowing and reducing the external attack surface
Attack Surface Management (ASM) is the ongoing process of discovering, assessing, and monitoring all of an organization’s externally accessible assets. This article explains External ASM (EASM), asset discovery methods, exposure assessment, integration with vulnerability management, and relevant tools (Shodan, Censys, netlas.io, commercial EASM platforms).
Business Continuity
Backup and disaster recovery: ransomware-proof data backup
Backups are the last line of defense against ransomware and data loss. This article explains the 3-2-1-1-0 rule, immutable storage, recovery testing, and modern backup architectures for businesses of all sizes.
Compliance & Standards
BSI IT-Grundschutz
The BSI IT-Grundschutz is a framework developed by the Federal Office for Information Security that provides companies and government agencies with a systematic methodology for implementing information security—featuring highly detailed, practical components.
Risk Management
Business continuity management (BCM): making companies crisis-proof
Business Continuity Management (BCM) is the organizational framework for maintaining critical business processes during and after crises. This article explains the BCM lifecycle according to ISO 22301, Business Impact Analysis (BIA), recovery strategies, Business Continuity Plans (BCP), crisis management structures, and integration with IT emergency management and ISO 27001.
Compliance & Governance
Cloud compliance: SOC 2, ISO 27017, ISO 27018, CSA STAR and FedRAMP
Cloud compliance encompasses the full range of regulatory requirements and certification standards for cloud services: SOC 2 (Trust Service Criteria), ISO 27017 (cloud-specific security controls), ISO 27018 (data protection in the cloud), CSA STAR (Cloud Security Alliance), FedRAMP (U.S. federal agencies), C5 (BSI), and EUCS (EU Cloud Scheme). This article explains the differences, requirements, and certification processes.
Cloud Security
Cloud detection engineering: attack detection in AWS, Azure and GCP
Cloud Detection Engineering focuses on the development, testing, and maintenance of detection rules for attacks on cloud infrastructures (AWS, Azure, GCP). This article explains the basics: CloudTrail/Activity Logs as data sources, Detection-as-Code approaches (Sigma, Terraform), ATT&CK for Cloud Coverage, specific detection rules for common cloud attacks (credential theft, S3 data exfiltration, privilege escalation), false positive management, and the establishment of a cloud detection engineering process.
Cloud Security
Cloud IAM security: securing AWS, Azure and GCP properly
Cloud Identity and Access Management Security: AWS IAM (Least Privilege, Permission Boundaries, Service Control Policies, IAM Access Analyzer), Azure RBAC + Entra ID (Custom Roles, Conditional Access, Managed Identities), GCP IAM (Workload Identity Federation, Organization Policies), Service Account Security, Cloud-native Secret Management (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), Cross-Cloud Identity Federation and CSPM Integration.
Cloud Security
Cloud key management: AWS KMS, Azure Key Vault and HashiCorp Vault compared
Cloud Key Management Services (KMS) protect cryptographic keys in the cloud. This article compares AWS KMS, Azure Key Vault, and HashiCorp Vault: key types (CMK, DEK, KEK), envelope encryption, HSM integration, key rotation strategies, BYOK (Bring Your Own Key), HYOK (Hold Your Own Key), access policies, and compliance requirements (FIPS 140-2, BSI).
Security Architecture
Cloud Security: Security in AWS, Azure and GCP - The complete guide
Cloud Security Explained in Detail: The Shared Responsibility Model, Common Misconfigurations and How to Avoid Them, Secure Cloud Architecture, CSPM, IAM Security, Encryption, Compliance Requirements, and Best Practices for AWS, Azure, and Google Cloud.
Cloud Security
Container security and Kubernetes hardening: The complete guide
Container and Kubernetes Security from the Ground Up: The 4C Model, Docker Image Hardening (non-root, distroless, multi-stage), Container Scanning with Trivy and Grype, Kubernetes RBAC, Pod Security Standards (restricted), NetworkPolicy (deny-all + allowlist), secrets management with External Secrets Operator and Vault, runtime security with Falco and eBPF, serverless security, supply chain security with Cosign/SLSA, CI/CD pipeline, and Cloud-Native Security Maturity Model.
Compliance
Critical infrastructure (KRITIS): definition, protection and NIS2
KRITIS - Critical Infrastructure in Germany: Which sectors are affected, what cybersecurity obligations apply, and how the NIS2 Directive strengthens protection.
Cryptography
Cryptography: encryption, algorithms, PKI and post-quantum
Cryptography is the technical foundation of IT security. This article explains symmetric and asymmetric encryption (AES, RSA, ECC), hash functions and password hashing (bcrypt, Argon2), digital signatures, PKI hierarchies, TLS 1.3 with specific Nginx configurations, post-quantum cryptography (ML-KEM, ML-DSA), BSI TR-02102 recommendations, and common implementation errors in practice.
Governance, Risk & Compliance
Cybersecurity frameworks compared: NIST CSF, ISO 27001, CIS Controls and BSI Grundschutz
Cybersecurity frameworks organize security measures and enable systematic risk reduction. The most important frameworks in the DACH region: NIST CSF 2.0 (function-based), ISO 27001 (certifiable), CIS Controls v8 (concrete and prioritized), BSI IT-Grundschutz (German, model-based). This comparison explains the strengths, weaknesses, and areas of application for each framework, as well as mapping possibilities between the standards.
Compliance & Governance
Data governance: managing data systematically as a corporate asset
Data governance is the organizational and technical framework for the secure, compliant, and value-adding management of corporate data. This article explains the data governance framework, roles (data owner, steward, custodian), data classification, data catalog, data quality, lineage, and compliance integration (GDPR, ISO 27001).
Database Security
Database security: securing SQL Server, MySQL and PostgreSQL
Practical Guide to Database Security: Hardening SQL Server, MySQL, and PostgreSQL; access control and least privilege; audit logging; encryption at rest and in transit; SQL injection protection; and database monitoring. Includes specific SQL commands and configuration examples.
Threat Landscape
DDoS attacks: types, defenses and the current threat situation
DDoS Attacks Fully Explained: Volumetric, Protocol, and Application Layer Attacks—How Botnets Work, the Different Types of DDoS Attacks, and How Businesses Can Protect Themselves Effectively.
DevSecOps
DevSecOps tools comparison: SAST, DAST, SCA and Secrets Scanning
A structured comparison of the most important DevSecOps tools for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secrets scanning. The article explains the intended use, strengths, and limitations of Semgrep, SonarQube, Snyk, OWASP ZAP, Nuclei, Trivy, Gitleaks, and other tools, as well as their integration into CI/CD pipelines (GitHub Actions, GitLab CI).
DevSecOps
DevSecOps: Integrating security into CI/CD pipelines
A Practical Guide to DevSecOps Implementation: How to integrate security testing into CI/CD pipelines, which tools to use for SAST, DAST, SCA, and container scanning, and how to incorporate security findings into the development workflow. Includes concrete examples using GitLab CI and GitHub Actions.
Email Security
DKIM - DomainKeys Identified Mail
DKIM is an email authentication protocol that cryptographically signs outgoing emails, thereby ensuring that the message has not been tampered with on its way to the recipient.
Email Security
DMARC - Domain-based Message Authentication, Reporting and Conformance
DMARC is an email authentication protocol that builds on SPF and DKIM and enables domain owners to prevent email spoofing and phishing attacks.
Network Security
DMZ - Demilitarized zone in network security
The DMZ (Demilitarized Zone) is an isolated network segment between the Internet and the internal network. Architecture, use cases, advantages and disadvantages, and best practices.
Compliance & Standards
DORA - Digital Operational Resilience Act
DORA is an EU regulation that, starting in January 2025, will impose mandatory requirements on financial firms regarding digital operational resilience, ICT risk management, and incident reporting.
Endpoint Security
EDR in the company: Deployment, Tuning and Incident Response
Endpoint Detection and Response (EDR) is the critical security layer for modern endpoints. This guide explains EDR architecture and deployment (CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black), how to properly configure EDR alerting (avoiding alert fatigue), how to use EDR data for threat hunting, and how to integrate EDR with SOAR and SIEM. Includes a comparison of EDR vs. XDR vs. MDR.
Email Security
Email security architecture: DMARC, SPF, DKIM, BIMI and MTA-STS in combination
A Complete Email Security Architecture Explained: SPF (Sender Policy Framework) prevents IP spoofing, DKIM (DomainKeys Identified Mail) cryptographically signs emails, and DMARC (Domain-based Message Authentication) combines both and establishes policies for handling failures. BIMI enables logo display in email clients as a trust signal. MTA-STS and TLS-RPT secure the transport. Includes phased implementation, DNS configuration, and monitoring.
Email Security
Email security gateway: stopping phishing and malware
Email Security Gateway Implementation: SPF/DKIM/DMARC Enforcement, Anti-Phishing (URL Rewriting, Sandboxing), anti-malware (attachment scanning, zero-day protection), Business Email Compromise (BEC) detection, comparison of secure email gateways (Microsoft Defender for Office 365, Proofpoint, Mimecast, Hornetsecurity), Email archiving for compliance, enforcing TLS encryption, and configuring DMARC reports.
Email Security
Email security: SPF, DKIM, DMARC, BIMI and MTA-STS in detail
Comprehensive Email Security Guide: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (Reporting and Enforcement), BIMI (Brand Indicators for Message Identification), MTA-STS, and DANE. Includes DNS configuration examples, common misconfigurations, phased rollout, and debugging tools.
Security Operations
Endpoint Security: EDR, EPP and holistic device protection
Endpoint security protects all endpoints—laptops, servers, and mobile devices. From traditional antivirus to EDR and XDR: technologies, detection methods, hardening measures, and choosing the right solution.
Security Operations
Enterprise patch management: systematic vulnerability remediation
Patch management is the structured process of identifying, assessing, testing, and installing software updates. This article explains the complete PM process: asset inventory, patch sources, risk assessment, testing procedures, rollout strategies (WSUS, SCCM, Ansible, AWS SSM), emergency patching, and compliance requirements according to ISO 27001 (A.8.8) and NIS2.
Network Security
Firewall and Next-Generation Firewall (NGFW): Understanding network protection
From the classic packet-filter firewall to the next-generation firewall (NGFW) with deep packet inspection, IPS, SSL inspection, and application control. Configuration examples, firewall generations, and guidance on which solution is right for which business.
Compliance & Law
GDPR and IT security: technical requirements, TOMs and implementation
The GDPR explicitly requires technical security measures (Art. 32). This comprehensive article clarifies the intersection between data protection law and IT security: TOMs (technical and organizational measures) across the 8 areas of protection, complete TOM documentation, a 72-hour reporting obligation following data breaches (Art. 33/34), data protection impact assessment (DPIA under Art. 35), privacy by design (Art. 25), GDPR-compliant IT architecture, ISO 27001 alignment, and the risk of fines.
Compliance
GRC: Governance, risk management and compliance for companies
Introduction to GRC (Governance, Risk Management, and Compliance): What GRC means, how a GRC framework is structured, which tools support it, how GRC relates to ISO 27001, NIS2, and the GDPR, and why integrated GRC is more efficient than siloed compliance approaches.
Identity Protection
Identity & Access Management (IAM): managing identities securely
IAM is the foundation of any zero-trust architecture. This article explains identity lifecycle management, RBAC vs. ABAC, single sign-on, privileged access management, MFA methods, and modern attacks on identity systems.
Identity & Access Management
Identity Governance and Administration (IGA): joiner-mover-leaver and access certification
Identity Governance and Administration (IGA) encompasses the processes for managing user identities throughout their entire lifecycle: creation during onboarding, updates during role changes, and deactivation during offboarding. IGA systems automate the assignment of permissions, enforce segregation of duties (SoD), and enable periodic access certifications.
Identity Security
Identity theft and account takeover: attacks and protective measures
How attackers take over accounts and misuse identities: credential stuffing, password spraying, SIM swapping, and MFA bypass techniques. Protective measures for businesses using Microsoft Sentinel, Conditional Access, and FIDO2.
Mobile Security
IMSI catcher: How it works, legal situation and protective measures
IMSI catchers are devices that force mobile phones to connect to them, thereby capturing call data and locations. Technology, Section 100i of the Code of Criminal Procedure, detection, and protection explained.
Security Operations
Incident Response
Incident Response (IR) is the structured process for detecting, containing, resolving, and following up on cybersecurity incidents. A well-prepared IR process determines the extent and duration of the damage caused by an attack.
Compliance & Law
Information Security Officer (ISB)
The ISB is responsible for the ISMS, risk analyses, and compliance. Responsibilities, qualifications, NIS 2 requirements, and a comparison of internal versus external ISBs for companies.
Compliance & Standards
ISO 27001 - Information security management system
ISO 27001 is the international standard for information security management systems (ISMS). It defines requirements for the establishment, operation, and continuous improvement of information security.
Fundamentals
IT asset management (ITAM) and cybersecurity: inventory everything, protect everything
Why comprehensive IT asset management is the foundation of every security strategy: CMDB concepts, software asset management, SBOM, hardware lifecycle, automated discovery tools, and how ITAM relates to ISO 27001, NIS2, and vulnerability management.
Security Operations
IT emergency management: incident response and crisis management
A structured guide to IT incident management: from developing an incident response plan and managing the first 72 hours following a cyberattack to legal reporting requirements under NIS2 and the GDPR. Includes templates and checklists.
Security Consulting
IT security concept: structure, content and implementation
An IT security concept systematically documents all measures taken to protect information security within the organization. It serves as the foundation for an ISMS in accordance with ISO 27001 or BSI IT-Grundschutz and is a prerequisite for certification.
Network Security
Lateral Movement: Detection and defense in the corporate network
Lateral movement refers to the techniques attackers use to move through a network after gaining initial access in order to compromise additional systems. This article explains the most common techniques (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, WMI/PSExec), detection strategies using Windows event logs and EDR, as well as defensive measures (Local Admin Password Solution (LAPS), Protected Users security group, SMB signing, and network segmentation).
Server Security
Linux Server Hardening: CIS Benchmark, SSH, auditd and AppArmor
Comprehensive hardening guide for Linux servers based on the CIS Benchmark Level 2. SSH configuration, kernel parameters, auditd logging, AppArmor/SELinux, Fail2ban, automatic security updates, and compliance checks using Lynis.
Threat Landscape
Malware: types, analysis and protective measures
From viruses and Trojans to ransomware, spyware, and rootkits—an overview of all types of malware, the current threat landscape, analysis methods, and proven protective measures for businesses.
Attack Techniques
Man-in-the-middle attacks: techniques, detection and protection
Man-in-the-middle (MITM) attacks position an attacker between communicating parties—silently, often invisibly. All techniques explained: ARP spoofing, SSL stripping, DNS spoofing, BGP hijacking, AiTM phishing.
Endpoint Security
Mobile Device Management (MDM): Managing smartphones and tablets securely
Mobile Device Management (MDM) enables the centralized management of smartphones, tablets, and laptops. This article explains MDM architectures, enrollment methods (DEP/Apple Business Manager, Android Enterprise Zero-Touch), compliance policies, app management (MAM), BYOD vs. company-owned devices, and a product comparison (Intune, Jamf, VMware Workspace ONE).
Endpoint Security
Mobile security: Android and iOS enterprise hardening, MDM and BYOD
Comprehensive Guide to Mobile Security for Businesses: Threat Profile (Malicious Apps, Smishing, Vishing, Network Risks), MDM vs. MAM, BYOD/COPE/COBO Models, iOS Enterprise Hardening (Supervised Mode, Per-App VPN, Lockdown Mode), Android Enterprise (Work Profile, Fully Managed, Knox), Mobile Threat Defense (Lookout, Zimperium, Microsoft Defender for Mobile), Conditional Access, GDPR-Compliant MDM Policies, and Incident Response for Compromised Mobile Devices.
Network Security
Network Access Control (NAC): 802.1X, RADIUS, posture assessment and zero-trust integration
Comprehensive Guide to Network Access Control (NAC): IEEE 802.1X port-based access control, RADIUS servers (FreeRADIUS, Cisco ISE, Microsoft NPS), EAP-TLS and PEAP, Posture Assessment (Patch Status, Antivirus, Disk Encryption), VLAN-Based Quarantine, BYOD Strategies (MDM Enrollment, ZTNA), Guest Networks, MAC Address Bypass for IoT, and a Comparison of Leading NAC Solutions (Cisco ISE, Aruba ClearPass, Portnox, Forescout). Includes a rollout roadmap and NAC as a zero-trust building block.
Network Security
Network Detection and Response (NDR): threat detection in the network
Network Detection and Response (NDR) analyzes network traffic using machine learning, behavioral analysis, and threat intelligence to detect threats that bypass endpoint solutions. NDR solutions (Darktrace, ExtraHop, Vectra AI, Cisco Secure Network Analytics) detect: command-and-control traffic, lateral movement, data exfiltration, and encrypted malware. Integration with XDR platforms and SOC workflows.
Network Security
Network security: architectures, technologies and best practices
Network security protects corporate networks from breaches, data loss, and tampering. A practical overview of firewalls, network segmentation, Zero Trust, common attacks, and penetration testing.
Security Operations
Network forensics: reconstructing attacks from network traffic
Network forensics is the analysis of network data to investigate security incidents. This article explains capture strategies (TAP, SPAN, NetFlow), analysis tools (Wireshark, Zeek, Suricata, NetworkMiner), typical attack signatures in network traffic, evidence preservation in accordance with ISO/IEC 27037, and the limitations of network forensics when dealing with encrypted traffic.
Compliance & Standards
NIS2 Directive
The NIS2 Directive (Network and Information Security Directive 2) is an EU regulation that harmonizes and strengthens cybersecurity requirements for critical and important infrastructure.
Penetration Testing
OSINT Methods: Tools and Techniques for Open Source Intelligence
OSINT (Open Source Intelligence) refers to the systematic collection and analysis of publicly available information for security and reconnaissance purposes. This article explains OSINT methods for corporate research: DNS enumeration (dnsx, amass, subfinder), Google Dorking, Shodan/Censys, Certificate Transparency, social media OSINT, WHOIS analysis, and passive reconnaissance frameworks such as Maltego and SpiderFoot.
Offensive Security
OSINT: Open Source Intelligence in Cybersecurity
OSINT (Open Source Intelligence) Explained: How attackers and penetration testers use publicly available information, what tools are used, and how companies can reduce their OSINT attack surface.
OT Security
OT/ICS Industrial Security: Protection concepts for industrial plants and KRITIS
Operational Technology (OT) and Industrial Control Systems (ICS) protect physical processes—from power grids to manufacturing facilities. This article explains the Purdue model, the IEC 62443 zone-conduit model and security levels, OT-specific attack vectors (Stuxnet, TRITON, Industroyer), industrial protocols (Modbus, DNP3, Profinet, OPC UA), asset discovery with Nozomi/Claroty, network segmentation, patch management in OT environments, OT-SIEM integration and incident response, as well as NIS2 and KRITIS requirements for operators.
Penetration Testing
Penetration test methodology: PTES, OWASP, OSSTMM, BSI guidelines and TIBER-EU
Comparison of leading penetration testing methodologies: PTES, OWASP Testing Guide, OSSTMM, BSI Guidelines (BSI-CS 115), and TIBER-EU for the financial sector. Including phase models, scope templates, test types, reporting standards, and penetration testing certifications for German companies.
Offensive Security
Penetration test (pentest)
A penetration test is an authorized security test in which experts simulate real-world cyberattacks to identify vulnerabilities in IT systems, networks, or applications.
Threat Landscape
Phishing and social engineering: attack methods, psychology and protective measures
Complete Guide to Phishing and Social Engineering: Phishing Taxonomy (mass phishing, spear phishing, whaling, BEC, smishing, vishing, QR code phishing, AiTM), technical attack techniques (domain spoofing, phishing kits), psychological manipulation principles (Cialdini), pretexting, technical protective measures (DMARC, phishing-resistant MFA, email gateway), phishing simulations, training content, and incident response. Includes current AI phishing trends for 2024.
Penetration Testing
Physical penetration testing: methodology, tools and legal principles
Physical penetration testing evaluates physical security measures: access control, tailgating, lock picking, badge cloning, OSINT for physical targets, and on-site social engineering. This article explains the methodology (PTES Physical), tools (Proxmark3, Flipper Zero, lock picks), legal safeguards (authorization letters), and protective measures against physical attacks.
Fundamentals
Physical security in information security: servers, offices and access control
Physical security is the often-overlooked foundation of information security. This article covers server room security, access control systems, the clean desk policy, laptop theft protection, physical attack vectors (Evil Maid, USB drops), and how physical security measures relate to ISO 27001 and BSI IT-Grundschutz.
Identity Security
Privileged Access Management (PAM): protecting privileged accounts
Privileged Access Management (PAM) protects the most powerful accounts in an IT environment—domain administrators, root accounts, and service accounts. This article explains PAM architecture (vault, session recording, just-in-time access), compares PAM products (CyberArk, Delinea, BeyondTrust, HashiCorp Vault, Microsoft PIM), the tiered admin model, just-in-time privileges, break-glass accounts, GDPR-compliant session recording, and integration with SIEM and SOAR.
Privilege Management
Privileged Access Workstation (PAW): secure admin workstations for privileged access
Privileged Access Workstations (PAWs) are dedicated, hardened workstations used exclusively for administrative tasks. Microsoft’s recommendation for protecting privileged identities in Active Directory and Azure. PAWs separate administrative activities from everyday web browsing, email, and other sources of risk. This article explains PAW deployment models (physical, virtual, cloud), hardening configuration, integration into a tiered administration model, and an alternative LAPS-based clean-source principle.
Threat Landscape
Ransomware
Ransomware is malware that encrypts a victim’s data or locks their systems and demands a ransom to unlock them. It is one of the most costly cyber threats worldwide.
Offensive Security
Red teaming: conducting attack simulations professionally
Comprehensive Guide to Red Team Operations: Differences from penetration testing, the TIBER-EU framework, red team phases (from reconnaissance to reporting), C2 infrastructure, commonly used TTPs, and how organizations benefit from red team engagements.
Secure Development
Secure Coding Practices: Anchoring security in the development process
Secure Coding and Secure SDLC: From threat modeling and STRIDE to language-specific security patterns (Python, Java, Node.js, Go) for input validation, SQL injection, authentication, and cryptography, through to SAST/DAST/SCA in CI/CD, security code reviews, container security, SBOM, secrets management, and the OWASP SAMM maturity model. A practical guide for development teams without their own security department.
Strategy & Architecture
Security Architecture: Frameworks, Patterns and Practical Implementation
A Comprehensive Guide to Security Architecture: Zero Trust, Defense in Depth, NIST CSF, Cloud Security Architecture, Network Segmentation, and How Security Architecture Decisions Prevent or Hinder Attacks. Includes detailed architectural diagrams and implementation guidelines.
Security Operations
Security awareness training: How the human firewall really works
Security Awareness Training Done Right: Why Traditional One-Time Training Sessions Fail, What Phishing Simulations Actually Measure, and How a Sustainable Awareness Program Reduces Cyber Risks.
Governance
Security Maturity Models: CMMI, C2M2, BSIMM and OpenSAMM in comparison
Security maturity models help organizations measure the current maturity level of their cybersecurity capabilities and improve them systematically. This article explains the most important frameworks: C2M2 (Cybersecurity Capability Maturity Model), BSIMM (Building Security In Maturity Model), OpenSAMM (Software Assurance Maturity Model), ISM3, as well as their integration into ISO 27001 and NIS2 compliance.
Security Operations
Security metrics and KPIs: making security measurable
Security metrics are proof that investments in IT security are effective. This article explains which KPIs are relevant for operations (MTTD, MTTR, FP rate), vulnerability management (patch compliance, MTTR), awareness training (phishing click-through rate), compliance (audit compliance rate), and strategic board reports—complete with specific target values and calculation formulas.
Security Operations
Security Operations Center (SOC) and SIEM: monitor cybersecurity 24/7
SOCs and SIEMs form the foundation of any professional threat detection capability. This article explains how to set up and operate a SOC, SIEM architecture, use cases, alert triage, and addresses the question: in-house SOC or MSSP?
Security Operations
SOAR: implementing Security Orchestration, Automation and Response
Security Orchestration, Automation, and Response (SOAR) automates repetitive SOC tasks and reduces the Mean Time to Respond (MTTR) from hours to minutes. This guide explains SOAR architecture and platforms (Splunk SOAR, Microsoft Sentinel, Palo Alto XSOAR, TheHive), how to create playbooks for common incidents (phishing, malware, credential compromise), and how to integrate SOAR with SIEM, EDR, and ticketing systems.
Threat Landscape
Social engineering: psychological manipulation tactics in IT security
Social Engineering Explained: Pretexting, Baiting, Tailgating, Quid pro Quo—all types of attacks, the psychological tactics behind them, and effective countermeasures.
DevSecOps
Software Supply Chain Security: SLSA, Sigstore and Dependency Management
Software supply chain security protects the entire software development process from compromise—from source code repositories to build systems and package registries. SLSA (Supply-chain Levels for Software Artifacts) defines security levels for build processes. Sigstore enables transparent code signing. This article explains SolarWinds, XZ Utils, and other supply chain attacks, as well as practical countermeasures.
Email Security
SPF - Sender Policy Framework
SPF is a DNS-based email authentication protocol that specifies which mail servers are authorized to send emails on behalf of a domain, thereby preventing email spoofing.
Threat Landscape
Supply chain attacks: SolarWinds, Log4Shell and the invisible threat
Supply chain attacks explained: how SolarWinds, Log4Shell, and XZ Utils work, why they are so dangerous, and how companies can secure their software supply chain.
Security Operations
Threat Intelligence: Understanding attackers before they attack
Threat Intelligence (TI) is the systematic collection and analysis of information about threat actors, attack methods, and IoCs. From OSINT to commercial feeds: how companies use TI in their operations.
Security Architecture
Threat Modeling Frameworks: STRIDE, PASTA, LINDDUN, MITRE ATT&CK and Practical Integration
Complete Guide to Threat Modeling: The Four Core Questions, Data Flow Diagrams (DFD) as a Foundation, STRIDE Framework (from Spoofing to Elevation of Privilege) with Workshop Instructions, PASTA (7-Phase, Business-Oriented), LINDDUN (Privacy Threats, GDPR Art. 25), DREAD Scoring, MITRE ATT&CK Integration; Tool Comparison (OWASP Threat Dragon, Microsoft TMT, IriusRisk, Threagile), Threat Modeling in Agile/DevSecOps, ROI Calculation, and ISO 27001 Compliance.
Vulnerability Management
Vulnerability Disclosure: CVD, VDP, Bug Bounty and Responsible Disclosure
How are security vulnerabilities responsibly reported and addressed? This article explains Coordinated Vulnerability Disclosure (CVD), the difference between VDP and bug bounty programs, Security.txt (RFC 9116), responsible disclosure policies with safe harbor clauses, bug bounty platforms (HackerOne, Bugcrowd, Intigriti, YesWeHack), scope definition, triage processes, CVSS scoring, payout structures, program metrics, and the legal situation for security researchers in Germany under Section 202a of the German Criminal Code (StGB).
Security Operations
Vulnerability Management: Systematic vulnerability management in practice
Vulnerability management is more than just regular scans—it is a continuous process involving detection, assessment, prioritization, remediation, and verification. This article explains the full VM program: scanner selection, CVSS vs. EPSS prioritization, patch SLAs, metrics, and integration with DevSecOps and ISMS.
Security Operations
Vulnerability management: The complete guide
Implementing systematic vulnerability management: from detection and prioritization to remediation—using CVSS, EPSS, and patching strategies.
Secure Development
Web application security: OWASP Top 10, security testing and WAF
Comprehensive Guide to Web Application Security: OWASP Top 10 (2021) with secure code examples, complete WSTG testing methodology (SQL injection, XSS, SSRF, IDOR, business logic), Burp Suite Pro Workflow, Nuclei Scanning, Security Headers, WAF Configuration, and Compliance Requirements (PCI DSS, BSI IT-Grundschutz, ISO 27001, NIS2). For developers, security teams, and clients commissioning web penetration tests.
Offensive Security
Web scraping: techniques, legal situation and defensive measures
Web scraping refers to the automated extraction of web content. This article provides a concise overview of the techniques involved, the legal framework under the GDPR and the German Copyright Act (UrhG), detection methods, defense strategies, and its relevance to OSINT.
Endpoint Security
Windows Server Hardening: CIS Benchmark, Microsoft Security Baseline and Practical Guide
Systematic hardening of Windows Server 2019/2022 according to CIS Benchmark Levels 1/2 and the Microsoft Security Baseline: Disable services, disable SMB v1, restrict NTLM, enable LAPS v2 for local administrator passwords, PowerShell hardening, Windows Firewall, audit policies (auditpol), Protected Users security group, Credential Guard, AppLocker, and enforce TLS 1.3. Includes prioritized PowerShell scripts and compliance checks.
Network Security
WLAN security in the company: From WPA3 to 802.1X
Enterprise Wi-Fi Security: WPA3-Enterprise vs. WPA3-SAE, 802.1X Authentication (RADIUS + EAP-TLS/PEAP), SSID Segmentation (Corporate vs. BYOD vs. Guests), Rogue Access Point Detection, Wi-Fi IDS/IPS, PMF (Protected Management Frames), Evil Twin Attack Detection, Secure Wi-Fi Configuration for Cisco, Aruba, and Ubiquiti, and Wi-Fi Penetration Testing Methodology.
Security Architecture
Zero Trust - A modern security architecture principle
Zero Trust is a security paradigm based on the principle of "never trust, always verify": No user, device, or network segment is implicitly trusted—every access request is explicitly verified.