Cybersecurity Wiki
In-depth articles on cybersecurity topics.
Identity & Access Management
Access Control models: DAC, MAC, RBAC, ABAC and Zero Trust
Access control is the fundamental security concept of any IT system. This article explains the four main models—Discretionary (DAC), Mandatory (MAC), Role-Based (RBAC), and Attribute-Based (ABAC)—their strengths and weaknesses, practical implementation examples in Active Directory, AWS IAM, and PostgreSQL, as well as the transition to zero-trust access control.
Offensive Security
Active Directory Attacks: Kerberoasting, Pass-the-Hash and Golden Ticket
Learn the most common Active Directory attack techniques—Kerberoasting, Pass-the-Hash, Golden Ticket—and how to defend your Windows infrastructure.
Windows Security
Active Directory Domain Controller: Architecture and Hardening
The domain controller is the central authority in Active Directory environments. This article explains architecture, Kerberos, group policies, hardening measures, and attack vectors.
Application Security
API Security: OWASP API Top 10, Authentication and Best Practices
A comprehensive guide to API security: the OWASP API Security Top 10 (2023) fully explained with code examples, API authentication (API keys, JWT, OAuth 2.0, mTLS), testing methodologies for REST and GraphQL, tool usage (Burp Suite, Postman, jwt_tool, Nuclei), API discovery, and a security checklist for developers and penetration testers.
Endpoint Security
Application Allowlisting: Windows Defender Application Control Guide
Application allowlisting (formerly known as whitelisting) allows only explicitly approved software to run, thereby fundamentally preventing malware from executing. This article explains WDAC (Windows Defender Application Control) and AppLocker: policy creation, rule types (hash, publisher, path), CI/CD integration, audit mode, bypass techniques, and migration strategies from a "deny-all" environment to a production environment.
Application Security
Application Security Testing (AST): SAST, DAST, IAST and SCA
Application security testing combines four complementary testing methods: SAST (static source code analysis), DAST (dynamic testing of running applications), IAST (internal instrumentation), and SCA (third-party library analysis). This article explains how each method works, its strengths and weaknesses, how to integrate them into CI/CD, and which tools are suitable for which use cases.
Security Operations
Attack Surface Management: Know and Reduce Your External Exposure
Attack Surface Management (ASM) is the ongoing process of discovering, assessing, and monitoring all of an organization’s externally accessible assets. This article explains External ASM (EASM), asset discovery methods, exposure assessment, integration with vulnerability management, and relevant tools (Shodan, Censys, netlas.io, commercial EASM platforms).
Business Continuity
Backup and disaster recovery: ransomware-proof data backup
Backups are the last line of defense against ransomware and data loss. This article explains the 3-2-1-1-0 rule, immutable storage, recovery testing, and modern backup architectures for businesses of all sizes.
Network Security
Bluetooth Security: Vulnerabilities, Attack Types and Protective Measures
Security considerations for wireless Bluetooth connections. Bluetooth attacks such as BlueBorne, BIAS, and BLUFFS enable data extraction and device control w...
Compliance & Standards
BSI IT-Grundschutz: Framework, Building Blocks and Implementation Guide
The BSI IT-Grundschutz is a framework developed by the Federal Office for Information Security that provides companies and government agencies with a systematic methodology for implementing information security—featuring highly detailed, practical components.
Vulnerability Classes
Buffer Overflow - Stack and Heap Overflow Explained
A buffer overflow occurs when a program writes more data to a buffer than it can hold, causing adjacent memory areas to be overwritten. Buffer overflows enab...
Risk Management
Business continuity management (BCM): making companies crisis-proof
Business Continuity Management (BCM) is the organizational framework for maintaining critical business processes during and after crises. This article explains the BCM lifecycle according to ISO 22301, Business Impact Analysis (BIA), recovery strategies, Business Continuity Plans (BCP), crisis management structures, and integration with IT emergency management and ISO 27001.
PKI & Cryptography
Certificate Transparency (CT) - Public Certificate Audit Log
Certificate Transparency (RFC 6962) is an open framework that records all issued TLS certificates in publicly verifiable, append-only logs. It was developed ...
Compliance & Governance
Cloud compliance: SOC 2, ISO 27017, ISO 27018, CSA STAR and FedRAMP
Cloud compliance encompasses the full range of regulatory requirements and certification standards for cloud services: SOC 2 (Trust Service Criteria), ISO 27017 (cloud-specific security controls), ISO 27018 (data protection in the cloud), CSA STAR (Cloud Security Alliance), FedRAMP (U.S. federal agencies), C5 (BSI), and EUCS (EU Cloud Scheme). This article explains the differences, requirements, and certification processes.
Cloud Security
Cloud detection engineering: attack detection in AWS, Azure and GCP
Cloud Detection Engineering focuses on the development, testing, and maintenance of detection rules for attacks on cloud infrastructures (AWS, Azure, GCP). This article explains the basics: CloudTrail/Activity Logs as data sources, Detection-as-Code approaches (Sigma, Terraform), ATT&CK for Cloud Coverage, specific detection rules for common cloud attacks (credential theft, S3 data exfiltration, privilege escalation), false positive management, and the establishment of a cloud detection engineering process.
Cloud Security
Cloud IAM security: securing AWS, Azure and GCP properly
Cloud identity and access management security: AWS IAM (least privilege, permission boundaries, service control policies, IAM Access Analyzer), Azure RBAC + Entra ID (custom roles, Conditional Access, managed identities), GCP IAM (Workload Identity Federation, organization policies), service account security, cloud-native secret management (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), cross-cloud identity federation, and CSPM integration.
Cloud Security
Cloud Key Management: AWS KMS, Azure Key Vault and HashiCorp Vault
Cloud Key Management Services (KMS) protect cryptographic keys in the cloud. This article compares AWS KMS, Azure Key Vault, and HashiCorp Vault: key types (CMK, DEK, KEK), envelope encryption, HSM integration, key rotation strategies, BYOK (Bring Your Own Key), HYOK (Hold Your Own Key), access policies, and compliance requirements (FIPS 140-2, BSI).
Security Architecture
Cloud Security: Security in AWS, Azure and GCP - The complete guide
Cloud security explained in detail: the shared responsibility model, common misconfigurations and how to avoid them, secure cloud architecture, CSPM, IAM security, encryption, compliance requirements, and best practices for AWS, Azure, and Google Cloud.
Cloud Security
Container security and Kubernetes hardening: The complete guide
Container and Kubernetes security from the ground up: the 4C model, Docker image hardening (non-root, distroless, multi-stage), container scanning with Trivy and Grype, Kubernetes RBAC, Pod Security Standards (restricted), NetworkPolicy (deny-all + allowlist), secrets management with External Secrets Operator and Vault, runtime security with Falco and eBPF, serverless security, supply chain security with Cosign/SLSA, CI/CD pipelines, and the Cloud-Native Security Maturity Model.
Vulnerability Classes
CORS - Cross-Origin Resource Sharing Misconfiguration
CORS misconfigurations with wildcard origins let attackers send cross-site requests with user credentials. How to detect and fix insecure CORS policies.
Compliance
Critical infrastructure (KRITIS): definition, protection and NIS2
KRITIS - Critical Infrastructure in Germany: Which sectors are affected, what cybersecurity obligations apply, and how the NIS2 Directive strengthens protection.
Cryptography
Cryptography: encryption, algorithms, PKI and post-quantum
Cryptography is the technical foundation of IT security. This article explains symmetric and asymmetric encryption (AES, RSA, ECC), hash functions and password hashing (bcrypt, Argon2), digital signatures, PKI hierarchies, TLS 1.3 with specific Nginx configurations, post-quantum cryptography (ML-KEM, ML-DSA), BSI TR-02102 recommendations, and common implementation errors in practice.
Malware
Cryptojacking: How to Detect and Prevent Unauthorized Crypto Mining
Cryptojacking secretly uses victims' computing power to mine cryptocurrency via browser scripts or malware — how to detect and prevent unauthorized mining.
Governance, Risk & Compliance
Cybersecurity Frameworks: NIST CSF, ISO 27001, CIS Controls Compared
Cybersecurity frameworks organize security measures and enable systematic risk reduction. The most important frameworks in the DACH region: NIST CSF 2.0 (function-based), ISO 27001 (certifiable), CIS Controls v8 (concrete and prioritized), BSI IT-Grundschutz (German, model-based). This comparison explains the strengths, weaknesses, and areas of application for each framework, as well as mapping possibilities between the standards.
Compliance & Governance
Data Governance: Managing Data as an Enterprise Asset Systematically
Data governance is the organizational and technical framework for the secure, compliant, and value-adding management of corporate data. This article explains the data governance framework, roles (data owner, steward, custodian), data classification, data catalog, data quality, lineage, and compliance integration (GDPR, ISO 27001).
Database Security
Database security: securing SQL Server, MySQL and PostgreSQL
A practical guide to database security: hardening SQL Server, MySQL, and PostgreSQL; access control and least privilege; audit logging; encryption at rest and in transit; SQL injection protection; and database monitoring. Includes specific SQL commands and configuration examples.
Threat Landscape
DDoS attacks: types, defenses and the current threat situation
DDoS attacks fully explained: volumetric, protocol, and application-layer attacks, how botnets work, the different types of DDoS attacks, and how businesses can protect themselves effectively.
DevSecOps
DevSecOps tools comparison: SAST, DAST, SCA and Secrets Scanning
A structured comparison of the most important DevSecOps tools for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secrets scanning. The article explains the intended use, strengths, and limitations of Semgrep, SonarQube, Snyk, OWASP ZAP, Nuclei, Trivy, Gitleaks, and other tools, as well as their integration into CI/CD pipelines (GitHub Actions, GitLab CI).
DevSecOps
DevSecOps: Integrating security into CI/CD pipelines
A practical guide to DevSecOps implementation: how to integrate security testing into CI/CD pipelines, which tools to use for SAST, DAST, SCA, and container scanning, and how to incorporate security findings into the development workflow. Includes concrete examples using GitLab CI and GitHub Actions.
Email Security
DKIM - DomainKeys Identified Mail
DKIM is an email authentication protocol that cryptographically signs outgoing emails, thereby ensuring that the message has not been tampered with on its way to the recipient.
Email Security
DMARC - Domain-based Message Authentication, Reporting and Conformance
DMARC is an email authentication protocol that builds on SPF and DKIM and enables domain owners to prevent email spoofing and phishing attacks.
Network Security
DMZ - Demilitarized zone in network security
The DMZ (Demilitarized Zone) is an isolated network segment between the Internet and the internal network. Architecture, use cases, advantages and disadvantages, and best practices.
Compliance & Standards
DORA - Digital Operational Resilience Act
DORA is an EU regulation that, starting in January 2025, will impose mandatory requirements on financial firms regarding digital operational resilience, ICT risk management, and incident reporting.
Endpoint Security
EDR in the company: Deployment, Tuning and Incident Response
Endpoint Detection and Response (EDR) is the critical security layer for modern endpoints. This guide explains EDR architecture and deployment (CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black), how to properly configure EDR alerting (avoiding alert fatigue), how to use EDR data for threat hunting, and how to integrate EDR with SOAR and SIEM. Includes a comparison of EDR vs. XDR vs. MDR.
Email Security
Email Security Architecture: DMARC, SPF, DKIM, BIMI and MTA-STS
A complete email security architecture explained: SPF (Sender Policy Framework) prevents IP spoofing, DKIM (DomainKeys Identified Mail) cryptographically signs emails, and DMARC (Domain-based Message Authentication) combines both and establishes policies for handling failures. BIMI enables logo display in email clients as a trust signal. MTA-STS and TLS-RPT secure the transport. Includes phased implementation, DNS configuration, and monitoring.
Email Security
Email security gateway: stopping phishing and malware
Email security gateway implementation: SPF/DKIM/DMARC enforcement, anti-phishing (URL rewriting, sandboxing), anti-malware (attachment scanning, zero-day protection), Business Email Compromise (BEC) detection, a comparison of secure email gateways (Microsoft Defender for Office 365, Proofpoint, Mimecast, Hornetsecurity), email archiving for compliance, enforcing TLS encryption, and configuring DMARC reports.
Email Security
Email security: SPF, DKIM, DMARC, BIMI and MTA-STS in detail
A comprehensive email security guide: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (reporting and enforcement), BIMI (Brand Indicators for Message Identification), MTA-STS, and DANE. Includes DNS configuration examples, common misconfigurations, phased rollout, and debugging tools.
Security Operations
Endpoint Security: EDR, EPP and holistic device protection
Endpoint security protects all endpoints—laptops, servers, and mobile devices. From traditional antivirus to EDR and XDR: technologies, detection methods, hardening measures, and choosing the right solution.
Security Operations
Enterprise Patch Management: Systematic Vulnerability Remediation
Patch management is the structured process of identifying, assessing, testing, and installing software updates. This article explains the complete PM process: asset inventory, patch sources, risk assessment, testing procedures, rollout strategies (WSUS, SCCM, Ansible, AWS SSM), emergency patching, and compliance requirements according to ISO 27001 (A.8.8) and NIS2.
Network Security
Firewall and NGFW: Understanding Next-Generation Network Protection
From the classic packet-filter firewall to the next-generation firewall (NGFW) with deep packet inspection, IPS, SSL inspection, and application control. Configuration examples, firewall generations, and guidance on which solution is right for which business.
Compliance & Law
GDPR and IT security: technical requirements, TOMs and implementation
The GDPR explicitly requires technical security measures (Art. 32). This comprehensive article clarifies the intersection between data protection law and IT security: TOMs (technical and organizational measures) across the 8 areas of protection, complete TOM documentation, a 72-hour reporting obligation following data breaches (Art. 33/34), data protection impact assessment (DPIA under Art. 35), privacy by design (Art. 25), GDPR-compliant IT architecture, ISO 27001 alignment, and the risk of fines.
Compliance
GRC: Governance, risk management and compliance for companies
Introduction to GRC (Governance, Risk Management, and Compliance): What GRC means, how a GRC framework is structured, which tools support it, how GRC relates to ISO 27001, NIS2, and the GDPR, and why integrated GRC is more efficient than siloed compliance approaches.
Protection Mechanisms
HSTS - HTTP Strict Transport Security
HSTS forces browsers to use HTTPS exclusively after the first connection. How to configure HSTS headers, preloading and common implementation pitfalls.
Vulnerability Classes
HTTP Parameter Pollution (HPP) - Parameter Pollution Attacks
HTTP Parameter Pollution sends duplicate parameter names to exploit inconsistent backend parsing. How HPP enables security bypass and WAF evasion attacks.
Identity Protection
Identity & Access Management (IAM): Managing Identities Securely
IAM is the foundation of any zero-trust architecture. This article explains identity lifecycle management, RBAC vs. ABAC, single sign-on, privileged access management, MFA methods, and modern attacks on identity systems.
Identity & Access Management
Identity Governance (IGA): Joiner-Mover-Leaver and Access Certs
Identity Governance and Administration (IGA) encompasses the processes for managing user identities throughout their entire lifecycle: creation during onboarding, updates during role changes, and deactivation during offboarding. IGA systems automate the assignment of permissions, enforce segregation of duties (SoD), and enable periodic access certifications.
Identity Security
Identity theft and account takeover: attacks and protective measures
How attackers take over accounts and misuse identities: credential stuffing, password spraying, SIM swapping, and MFA bypass techniques. Protective measures for businesses using Microsoft Sentinel, Conditional Access, and FIDO2.
Web Security
IDOR - Insecure Direct Object Reference
Insecure Direct Object Reference (IDOR) is an access control vulnerability in which an application uses direct references to internal objects (user IDs, file...
Mobile Security
IMSI catcher: How it works, legal situation and protective measures
IMSI catchers are devices that force mobile phones to connect to them, thereby capturing call data and locations. Technology, Section 100i of the Code of Criminal Procedure, detection, and protection explained.
Security Operations
Incident Response: Detecting, Containing and Recovering from Cyber Incidents
Incident Response (IR) is the structured process for detecting, containing, resolving, and following up on cybersecurity incidents. A well-prepared IR process determines the extent and duration of the damage caused by an attack.
Compliance & Law
Information Security Officer (ISB)
The ISB is responsible for the ISMS, risk analyses, and compliance. Responsibilities, qualifications, NIS2 requirements, and a comparison of internal versus external ISBs for companies.
Compliance & Standards
ISO 27001 - Information Security Management System (ISMS)
ISO 27001 is the international standard for information security management systems (ISMS). It defines requirements for the establishment, operation, and continuous improvement of information security.
Fundamentals
IT Asset Management (ITAM) and Cybersecurity: Inventory Everything
Why comprehensive IT asset management is the foundation of every security strategy: CMDB concepts, software asset management, SBOM, hardware lifecycle, automated discovery tools, and how ITAM relates to ISO 27001, NIS2, and vulnerability management.
Security Operations
IT emergency management: incident response and crisis management
A structured guide to IT incident management: from developing an incident response plan and managing the first 72 hours following a cyberattack to legal reporting requirements under NIS2 and the GDPR. Includes templates and checklists.
Security Consulting
IT security concept: structure, content and implementation
An IT security concept systematically documents all measures taken to protect information security within the organization. It serves as the foundation for an ISMS in accordance with ISO 27001 or BSI IT-Grundschutz and is a prerequisite for certification.
Network Security
Lateral Movement: Detection and defense in the corporate network
Lateral movement refers to the techniques attackers use to move through a network after gaining initial access in order to compromise additional systems. This article explains the most common techniques (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, WMI/PSExec), detection strategies using Windows event logs and EDR, as well as defensive measures (Local Admin Password Solution (LAPS), Protected Users security group, SMB signing, and network segmentation).
Server Security
Linux Server Hardening: CIS Benchmark, SSH, auditd and AppArmor
Comprehensive hardening guide for Linux servers based on the CIS Benchmark Level 2. SSH configuration, kernel parameters, auditd logging, AppArmor/SELinux, Fail2ban, automatic security updates, and compliance checks using Lynis.
Attack Techniques
Living off the Land (LotL) - LOLBins and LOLBas
"Living off the Land" (LotL) refers to attack techniques in which attackers use only legitimate tools and utilities already present on the system (...
Threat Landscape
Malware: types, analysis and protective measures
From viruses and Trojans to ransomware, spyware, and rootkits—an overview of all types of malware, the current threat landscape, analysis methods, and proven protective measures for businesses.
Attack Techniques
Man-in-the-middle attacks: techniques, detection and protection
Man-in-the-middle (MITM) attacks position an attacker between communicating parties—silently, often invisibly. All techniques explained: ARP spoofing, SSL stripping, DNS spoofing, BGP hijacking, AiTM phishing.
Endpoint Security
Mobile Device Management (MDM): Managing Smartphones and Tablets
Mobile Device Management (MDM) enables the centralized management of smartphones, tablets, and laptops. This article explains MDM architectures, enrollment methods (DEP/Apple Business Manager, Android Enterprise Zero-Touch), compliance policies, app management (MAM), BYOD vs. company-owned devices, and a product comparison (Intune, Jamf, VMware Workspace ONE).
Endpoint Security
Mobile security: Android and iOS enterprise hardening, MDM and BYOD
A comprehensive guide to mobile security for businesses: threat profile (malicious apps, smishing, vishing, network risks), MDM vs. MAM, BYOD/COPE/COBO models, iOS enterprise hardening (Supervised Mode, per-app VPN, Lockdown Mode), Android Enterprise (Work Profile, Fully Managed, Knox), Mobile Threat Defense (Lookout, Zimperium, Microsoft Defender for Mobile), Conditional Access, GDPR-compliant MDM policies, and incident response for compromised mobile devices.
Network Security
Network Access Control (NAC): 802.1X, RADIUS and Zero Trust
A comprehensive guide to Network Access Control (NAC): IEEE 802.1X port-based access control, RADIUS servers (FreeRADIUS, Cisco ISE, Microsoft NPS), EAP-TLS and PEAP, posture assessment (patch status, antivirus, disk encryption), VLAN-based quarantine, BYOD strategies (MDM enrollment, ZTNA), guest networks, MAC address bypass for IoT, and a comparison of leading NAC solutions (Cisco ISE, Aruba ClearPass, Portnox, Forescout). Includes a rollout roadmap and NAC as a zero-trust building block.
Network Security
Network Detection and Response (NDR): Threat Detection in Networks
Network Detection and Response (NDR) analyzes network traffic using machine learning, behavioral analysis, and threat intelligence to detect threats that bypass endpoint solutions. NDR solutions (Darktrace, ExtraHop, Vectra AI, Cisco Secure Network Analytics) detect: command-and-control traffic, lateral movement, data exfiltration, and encrypted malware. Integration with XDR platforms and SOC workflows.
Security Operations
Network Forensics: Reconstructing Attacks in Network Traffic
Network forensics is the analysis of network data to investigate security incidents. This article explains capture strategies (TAP, SPAN, NetFlow), analysis tools (Wireshark, Zeek, Suricata, NetworkMiner), typical attack signatures in network traffic, evidence preservation in accordance with ISO/IEC 27037, and the limitations of network forensics when dealing with encrypted traffic.
Network Security
Network security: architectures, technologies and best practices
Network security protects corporate networks from breaches, data loss, and tampering. A practical overview of firewalls, network segmentation, Zero Trust, common attacks, and penetration testing.
Compliance & Standards
NIS2 Directive: Requirements, Obligations and Implementation for Companies
The NIS2 Directive (Network and Information Security Directive 2) is an EU regulation that harmonizes and strengthens cybersecurity requirements for critical and important infrastructure.
Penetration Testing
OSINT Methods: Tools and Techniques for Open Source Intelligence
OSINT (Open Source Intelligence) refers to the systematic collection and analysis of publicly available information for security and reconnaissance purposes. This article explains OSINT methods for corporate research: DNS enumeration (dnsx, amass, subfinder), Google Dorking, Shodan/Censys, Certificate Transparency, social media OSINT, WHOIS analysis, and passive reconnaissance frameworks such as Maltego and SpiderFoot.
Offensive Security
OSINT: Open Source Intelligence in Cybersecurity
OSINT (Open Source Intelligence) Explained: How attackers and penetration testers use publicly available information, what tools are used, and how companies can reduce their OSINT attack surface.
OT Security
OT/ICS Industrial Security: Protection for Plants and KRITIS Operators
Operational Technology (OT) and Industrial Control Systems (ICS) protect physical processes—from power grids to manufacturing facilities. This article explains the Purdue model, the IEC 62443 zone-conduit model and security levels, OT-specific attack vectors (Stuxnet, TRITON, Industroyer), industrial protocols (Modbus, DNP3, Profinet, OPC UA), asset discovery with Nozomi/Claroty, network segmentation, patch management in OT environments, OT-SIEM integration and incident response, as well as NIS2 and KRITIS requirements for KRITIS operators.
Vulnerability Classes
Path Traversal - Directory Traversal
Path traversal (CWE-22, OWASP A01:2021) allows attackers to access files outside the permitted directory using ../ sequences. Objective: Reading sensitive fi...
Offensive Security
Penetration Test (Pentest): Methods, Process and Results Explained
A penetration test is an authorized security test in which experts simulate real-world cyberattacks to identify vulnerabilities in IT systems, networks, or applications.
Penetration Testing
Penetration Test Methodology: PTES, OWASP, OSSTMM and BSI Guidelines
Comparison of leading penetration testing methodologies: PTES, OWASP Testing Guide, OSSTMM, BSI Guidelines (BSI-CS 115), and TIBER-EU for the financial sector. Including phase models, scope templates, test types, reporting standards, and penetration testing certifications for German companies.
Threat Landscape
Phishing and Social Engineering: Attack Methods and Defense
A complete guide to phishing and social engineering: phishing taxonomy (mass phishing, spear phishing, whaling, BEC, smishing, vishing, QR code phishing, AiTM), technical attack techniques (domain spoofing, phishing kits), psychological manipulation principles (Cialdini), pretexting, technical protective measures (DMARC, phishing-resistant MFA, email gateway), phishing simulations, training content, and incident response. Includes current AI phishing trends for 2024.
Penetration Testing
Physical penetration testing: methodology, tools and legal principles
Physical penetration testing evaluates physical security measures: access control, tailgating, lock picking, badge cloning, OSINT for physical targets, and on-site social engineering. This article explains the methodology (PTES Physical), tools (Proxmark3, Flipper Zero, lock picks), legal safeguards (authorization letters), and protective measures against physical attacks.
Fundamentals
Physical Security: Servers, Office and Access Control in IT Security
Physical security is the often-overlooked foundation of information security. This article covers server room security, access control systems, the clean desk policy, laptop theft protection, physical attack vectors (Evil Maid, USB drops), and how physical security measures relate to ISO 27001 and BSI IT-Grundschutz.
Identity Security
Privileged Access Management (PAM): Protecting Privileged Accounts
Privileged Access Management (PAM) protects the most powerful accounts in an IT environment—domain administrators, root accounts, and service accounts. This article explains PAM architecture (vault, session recording, just-in-time access), compares PAM products (CyberArk, Delinea, BeyondTrust, HashiCorp Vault, Microsoft PIM), the tiered admin model, just-in-time privileges, break-glass accounts, GDPR-compliant session recording, and integration with SIEM and SOAR.
Privilege Management
Privileged Access Workstation (PAW): Secure Admin Workstations Guide
Privileged Access Workstations (PAWs) are dedicated, hardened workstations used exclusively for administrative tasks. Microsoft’s recommendation for protecting privileged identities in Active Directory and Azure. PAWs separate administrative activities from everyday web browsing, email, and other sources of risk. This article explains PAW deployment models (physical, virtual, cloud), hardening configuration, integration into a tiered administration model, and an alternative LAPS-based clean-source principle.
Vulnerability Classes
Prototype Pollution - JavaScript Object Manipulation
Prototype pollution modifies JavaScript's Object.prototype to affect all objects. How this enables code execution and how to prevent the attack.
Vulnerability Classes
Race Condition (TOCTOU) - Timing-Based Security Vulnerability
Race conditions (CWE-362) occur when a system's security depends on two or more operations being executed in a specific order, but parallel execution vi...
Threat Landscape
Ransomware: Protection, Detection and Response to Encryption Attacks
Ransomware is malware that encrypts a victim’s data or locks their systems and demands a ransom to unlock them. It is one of the most costly cyber threats worldwide.
Offensive Security
Red Teaming: Conducting Attack Simulations Professionally
A comprehensive guide to red team operations: differences from penetration testing, the TIBER-EU framework, red team phases (from reconnaissance to reporting), C2 infrastructure, commonly used TTPs, and how organizations benefit from red team engagements.
Secure Development
Secure Coding Practices: Anchoring security in the development process
Secure Coding and Secure SDLC: From threat modeling and STRIDE to language-specific security patterns (Python, Java, Node.js, Go) for input validation, SQL injection, authentication, and cryptography, through to SAST/DAST/SCA in CI/CD, security code reviews, container security, SBOM, secrets management, and the OWASP SAMM maturity model. A practical guide for development teams without their own security department.
Strategy & Architecture
Security Architecture: Frameworks, Patterns and Implementation Guide
A comprehensive guide to security architecture: Zero Trust, defense in depth, NIST CSF, cloud security architecture, network segmentation, and how security architecture decisions prevent or hinder attacks. Includes detailed architectural diagrams and implementation guidelines.
Security Operations
Security awareness training: How the human firewall really works
Security awareness training done right: why traditional one-time training sessions fail, what phishing simulations actually measure, and how a sustainable awareness program reduces cyber risks.
Governance
Security Maturity Models: CMMI, C2M2, BSIMM and OpenSAMM in comparison
Security maturity models help organizations measure the current maturity level of their cybersecurity capabilities and improve them systematically. This article explains the most important frameworks: C2M2 (Cybersecurity Capability Maturity Model), BSIMM (Building Security In Maturity Model), OpenSAMM (Software Assurance Maturity Model), ISM3, as well as their integration into ISO 27001 and NIS2 compliance.
Security Operations
Security metrics and KPIs: making security measurable
Security metrics are proof that investments in IT security are effective. This article explains which KPIs are relevant for operations (MTTD, MTTR, FP rate), vulnerability management (patch compliance, MTTR), awareness training (phishing click-through rate), compliance (audit compliance rate), and strategic board reports—complete with specific target values and calculation formulas.
Security Operations
Security Operations Center (SOC) and SIEM: monitor cybersecurity 24/7
SOCs and SIEMs form the foundation of any professional threat detection system. This article explains how to set up and operate a SOC, SIEM architecture, use cases, alert triage, and addresses the question: In-house SOC or MSSP?
Vulnerability Classes
Server-Side Template Injection (SSTI) - Template Engine Attacks
SSTI occurs when user input is inserted into template engines without escaping. How attackers exploit template syntax for remote code execution.
Vulnerability Classes
Session Fixation - How Attackers Hijack Sessions via Preset IDs
Session fixation attacks provide victims with a pre-set session ID before login. How attackers hijack authenticated sessions and how to prevent it.
Security Operations
SOAR: Implementing Security Orchestration, Automation and Response
Security Orchestration, Automation, and Response (SOAR) automates repetitive SOC tasks and reduces the Mean Time to Respond (MTTR) from hours to minutes. This guide explains SOAR architecture and platforms (Splunk SOAR, Microsoft Sentinel, Palo Alto XSOAR, TheHive), how to create playbooks for common incidents (phishing, malware, credential compromise), and how to integrate SOAR with SIEM, EDR, and ticketing systems.
Threat Landscape
Social engineering: psychological manipulation tactics in IT security
Social Engineering Explained: Pretexting, Baiting, Tailgating, Quid pro Quo—all types of attacks, the psychological tactics behind them, and effective countermeasures.
DevSecOps
Software Supply Chain Security: SLSA, Sigstore and Dependencies
Software supply chain security protects the entire software development process from compromise—from source code repositories to build systems and package registries. SLSA (Supply-chain Levels for Software Artifacts) defines security levels for build processes. Sigstore enables transparent code signing. This article explains SolarWinds, XZ Utils, and other supply chain attacks, as well as practical countermeasures.
Email Security
SPF – Sender Policy Framework: Prevent Email Spoofing with DNS Records
SPF is a DNS-based email authentication protocol that specifies which mail servers are authorized to send emails on behalf of a domain, thereby preventing email spoofing.
Threat Landscape
Supply chain attacks: SolarWinds, Log4Shell and the invisible threat
Supply Chain Attacks Explained: How SolarWinds, Log4Shell, and XZ Utils Work, Why They Are So Dangerous, and How Companies Can Secure Their Software Supply Chain.
Security Operations
Threat Intelligence: Understanding Attackers Before They Strike
Threat Intelligence (TI) is the systematic collection and analysis of information about threat actors, attack methods, and IoCs. From OSINT to commercial feeds: how companies use TI in their operations.
Security Architecture
Threat Modeling Frameworks: STRIDE, PASTA, LINDDUN and MITRE ATT&CK
Complete Guide to Threat Modeling: The Four Core Questions, Data Flow Diagrams (DFD) as a Foundation, STRIDE Framework (from Spoofing to Elevation of Privilege) with Workshop Instructions, PASTA (7-Phase, Business-Oriented), LINDDUN (Privacy Threats, GDPR Art. 25), DREAD Scoring, MITRE ATT&CK Integration; Tool Comparison (OWASP Threat Dragon, Microsoft TMT, IriusRisk, Threagile), Threat Modeling in Agile/DevSecOps, ROI Calculation, and ISO 27001 Compliance.
Compliance & Standards
TISAX (Trusted Information Security Assessment Exchange)
An industry-specific security standard for the automotive industry, managed by the ENX Association. It is based on the VDA ISA questionnaire and is required ...
Hardware Security
TPM (Trusted Platform Module): Hardware-Based Security for Enterprises
A dedicated security chip on the motherboard that securely stores cryptographic keys, verifies system integrity during boot, and serves as a hardware root of...
Security Operations
UEBA (User and Entity Behavior Analytics)
UEBA detects insider threats and compromised accounts by baselining normal behavior and alerting on statistical anomalies across users and systems.
Vulnerability Management
Vulnerability Disclosure: CVD, VDP, Bug Bounty and Responsible Disc.
How are security vulnerabilities responsibly reported and addressed? This article explains Coordinated Vulnerability Disclosure (CVD), the difference between VDP and bug bounty programs, Security.txt (RFC 9116), responsible disclosure policies with safe harbor clauses, bug bounty platforms (HackerOne, Bugcrowd, Intigriti, YesWeHack), scope definition, triage processes, CVSS scoring, payout structures, program metrics, and the legal situation for security researchers in Germany under Section 202a of the German Criminal Code (StGB).
Security Operations
Vulnerability Management: Systematic Approach in Practice
Vulnerability management is more than just regular scans—it is a continuous process involving detection, assessment, prioritization, remediation, and verification. This article explains the full VM program: scanner selection, CVSS vs. EPSS prioritization, patch SLAs, metrics, and integration with DevSecOps and ISMS.
Security Operations
Vulnerability management: The complete guide
Implementing systematic vulnerability management: from detection and prioritization to remediation—using CVSS, EPSS, and patching strategies.
Secure Development
Web application security: OWASP Top 10, security testing and WAF
Comprehensive Guide to Web Application Security: OWASP Top 10 (2021) with secure code examples, complete WSTG testing methodology (SQL injection, XSS, SSRF, IDOR, business logic), Burp Suite Pro Workflow, Nuclei Scanning, Security Headers, WAF Configuration, and Compliance Requirements (PCI DSS, BSI IT-Grundschutz, ISO 27001, NIS2). For developers, security teams, and clients commissioning web penetration tests.
Attack Techniques
Web Cache Poisoning - Cache-Based Attack
Web cache poisoning uses unkeyed HTTP headers to inject malicious content into caches. How attackers exploit this to serve harmful responses to all users.
Offensive Security
Web scraping: techniques, legal situation and defensive measures
Web scraping refers to the automated extraction of web content. This article provides a concise overview of the techniques involved, the legal framework under the GDPR and the German Copyright Act (UrhG), detection methods, defense strategies, and its relevance to OSINT.
Endpoint Security
Windows Server Hardening: CIS Benchmark and Security Baseline
Systematic hardening of Windows Server 2019/2022 according to CIS Benchmark Levels 1/2 and the Microsoft Security Baseline: Disable services, disable SMB v1, restrict NTLM, enable LAPS v2 for local administrator passwords, PowerShell hardening, Windows Firewall, audit policies (auditpol), Protected Users security group, Credential Guard, AppLocker, and enforce TLS 1.3. Includes prioritized PowerShell scripts and compliance checks.
Network Security
WLAN security in the company: From WPA3 to 802.1X
Enterprise Wi-Fi Security: WPA3-Enterprise vs. WPA3-SAE, 802.1X Authentication (RADIUS + EAP-TLS/PEAP), SSID Segmentation (Corporate vs. BYOD vs. Guests), Rogue Access Point Detection, Wi-Fi IDS/IPS, PMF (Protected Management Frames), Evil Twin Attack Detection, Secure Wi-Fi Configuration for Cisco, Aruba, and Ubiquiti, and Wi-Fi Penetration Testing Methodology.
Web Security
XXE - XML External Entity Injection
XXE Injection exploits XML parsers to read local files, perform SSRF or execute code. How the attack works and how to disable external entity processing.
Security Architecture
Zero Trust - Modern Security Architecture Principle
Zero Trust is a security paradigm based on the principle of "never trust, always verify": No user, device, or network segment is implicitly trusted—every access request is explicitly verified.