IT Security Blog by Till Oberbeckmann

Blog posts about IT security in general, penetration testing, cloud security and red teaming by Till Oberbeckmann.

Data Protection and Data Security - Account Deletion within Apps soon Mandatory

A new feature is mandatory account deletion: If users are asked to set up an account for an app, it must also be possible to delete it.

The Penetration Testing Execution Standard (PTES) simply explained

PTES is a guide that enables testers to perform effective penetration testing.

DOM Invader - The New Feature of Burp Suite

Burp Suite quickly and easily detects DOM-based cross-site scripting (XSS), which is executed directly in the browser.

FORCEDENTRY: iMessage zero-click Exploit in Check

An analysis of a Saudi Arabian activist's smartphone revealed that NSO Group used a zero-click exploit against iMessage.

What is NIST's Cybersecurity Framework?

NIST's Cybersecurity Framework is a powerful tool that helps you organize and improve your cybersecurity at the same time.

Security Awareness with a Phishing Simulation

A phishing simulation is an often-used tool for simulating cyber attacks.

Pinning of Certificates and Public Keys

Public key pinning allows you to specify the set of public keys for future SSL/TLS connections to your host.
