The focus of ERNW Research is performing Research projects in all areas of IT security - publicly funded projects in cooperation with universities, customer projects, as well as internal research projects.
Our goal is to perform cutting edge research to preserve excellence, and apply our knowledge and research results in highly technical projects for our customers.
Particular fields of attention are the areas of Incident Response, Forensic Computing, Malware Analysis, and Medical Device Security, as well as advanced security assessments.
Following our belief that knowledge must be shared, ERNW Insight focuses on finding and developing the best ways to make ERNW knowledge accessible to all (e.g. by hosting ERNW’s TROOPERS conference).
Following our knowledge-driven company culture, we offer research services to work on both scientific and pragmatic problems in the IT security space. Past funded research activities focused on Security Awareness, Digital Forensics, Reverse Engineering & Vulnerability Analysis, and telecommunications security. Future activities are coordinated by ERNW Research.
We support our customers in implementing incident response processes/preparation as well as in analyzing occurred or suspected incidents. Following common incident response process models, we offer the development of incident preparation plans, immediate and on-site incident response and malware analysis, as well as the compilation of technical forensic reports.
We support our customers implementing incident response processes to be prepared and able to handle incidents as they occur. ERNW delivers services in every step of those models to ensure a fast recovery from the incident. With the help of the so-called common model we focus on the management of incidents and the integration of the incident handling with the processes of an organization. Exact proceeding in evidence collection and incident analysis is another important part of the process. (The incident response process is structured into several phases, which cover a wide range of services. They include the definition of an incident policy, the implementation of pro-active measures, the detection of incidents, the formulation of a response strategy, the report and documentation of an incident and implementing controls to prevent other incidents.)
To collect evidence in a forensically sound manner to be usable in legal proceedings, we document each performed step in detail – especially how evidence has been acquired and preserved. For this we prepare a detailed, comprehensive and credible report. It includes a multi-staged description with on the one hand high-level summaries for legal staff, as well as in-depth technical documentation that allows other experts to monitor every step and to repeat all analysis to reproduce and prove our results independently.
If in the analysis phase of an incident some executable file has been identified, whose functionality is unclear, this might for example be a piece of malware or some custom program implemented by a suspect. IP Addresses or passwords are examples for information that might be of interest. To figure out the functionality of the file, we apply multiple analysis steps and techniques, such as Static Analysis, Automated and Manual Dynamic Analysis and Reverse Engineering.
The environment of a healthcare provider is highly specialized. Various audiences with individual backgrounds, expectations and needs use and rely on a variety of medical devices. A defective or manipulated medical device may be massive threat to a patient’s life and may lead to serious harm. This is why ERNW offers medical device security. We customize methodologies to cover more medicine-exclusive topics such as the interoperability of the devices concerning medical communication standards such as HL7.
We provide assessment services such as penetration testing, audits, red teaming, and (closed-source) product evaluations. While we have developed many defined testing methodologies for different technologies, we mainly focus on highly technical and individual assessments. Examples for specialized assessment expertise comprise IoT/embedded/industrial/medical devices, cloud/virtualization/hosting platforms, Microsoft & Active Directory environments, or network/security appliances.
Penetration tests is an important tool to simulate a targeted attack scenario to evaluate the effectiveness of already implemented security measures and procedures and to demonstrate the potential of such attacks.
Redteaming is an important tool to simulate a targeted attack and APT scenario to evaluate the effectiveness of already implemented security measures and procedures, as well as monitoring and incident detection capabilities and to demonstrate the potential of targeted attacks and to raise awareness for remaining risks. Redteaming starts with the threat modelling phase, where different attack strategies are prepared and evaluated in the context of the customer. Following the actual Redteaming will be performed after a model, that reflects how real-world targeted attacks are conducted. In the end we provide a comprehensive written report including a detailed management summary, and verbal debriefing with the customer. In addition, we offer optional follow-up modules like the creation of a personalized social engineering policy and security awareness training.
Get the latest Informations about technical topics & Trainings within the IT-Security Community and a lot of special insights. Sign up now for our Newsletter:
Thank you for signing up! You’ll receive a notification from out mailinglist manager to finally opt you in.
Recently, I had a brief look at the Froala WYSIWYG HTML Editor (v3.2.0) as there was a post about it on the Full Disclosure mailing list. When targeting a HTML Editor, I guess one of the first things that everybody does is to check for XSS vulnerabilities. So I tried the usual XSS payloads (a […]
The German Federal Office for Information Security (orig., ger., Bundesamt für Sicherheit in der Informationstechnik – BSI) has published our report on Microsoft Office Telemetry. Microsoft has released a set of privacy settings for Office, one of which enables users to configure the type and amount of diagnostic (i.e., telemetry) data that Office may send […]
I have started to have a look at my local installed helpers on macOS. These helpers are used as an interface for applications to perform privileged operations on the system. Thus, it is quite a nice attack surface to search for Local Privilege Escalations. Forklift is an advanced dual pane file manager for macOS. It […]
TLDR: This blogpost presents devi, a tool that can help you devirtualize virtual calls in C++ binaries. It uses Frida to trace the execution of a binary and uncover the call sources and destinations of virtual calls. The collected information can then be viewed in IDA Pro, Binary Ninja, or Ghidra. The plugin adds the […]
Some time ago, we carried out an evaluation of the Digital Health Applications Ordinance (Digitale-Gesundheitsanwendungen-Verordnung, DiGAV) for the Federal Chamber of Psychotherapists in Germany (Bundespsychotherapeutenkammer, BPtK) focusing on the security of digital health applications, often referred to as apps on prescription. The audit was intended to determine to which extent security guidelines, security objectives, and […]