The year is drawing to a close – so it’s time for our review of 2018! Above all, the year was marked by numerous live hacking lectures, overnight stays in hotels, serious security gaps and the founding of AWARE7 GmbH.
2018 was all under the flag of Live Hacking & Awareness lectures!
At the end of the year we can look back on over 200 live hacking lectures. From individual training for teachers with 15 people to a full congress hall with simultaneous translation of our low-threshold live hacking show into several languages.
Our shortest presentation was only 10 minutes long. Our longest awareness talk, on the other hand, lasted 180 minutes without a break. Our specialist training courses for computer scientists, engineers and managers, which are designed for two days, are not included.
From time to time we also feel the high density of companies and schools in NRW. The shortest travel times were the lectures in the cities in which we live: Gelsenkirchen and Essen. There we went by bike to the lecture venue. Matteo took on the longest journey. On 13.11 he had a live hacking appointment in Argenbühl-Eglofs. The last village before Switzerland. The fact that it went afterwards in the airplane back to Duesseldorf, in order to participate in a panel discussion on the MEDICA, saved a long car and/or train journey.
In principle, however, 1/3 of the events are approached by train. This keeps the roads clear and improves the CO2 balance. Of the other events, around half have to be reached by car, as there are either follow-up dates or the venues are very difficult to reach by public transport. A week in the Live-Hacking Team looks like this or similar.
Pentests, Phishing Campaigns and Red Teaming Assessment!
In addition to the live hacking shows and awareness lectures, pentests, phishing campaigns and red teamings were also in demand. The latter in particular always gives us great pleasure, as it allows us to play off our research activities of recent years: (IT) security mechanisms. At the end of the year we can say:
- There was no pentest in which a critical vulnerability was not found.
- There was no phishing campaign sent by us that was not successful.
- There was no Red Teaming Assessment that did not find any security problems.
Outlook to 2019: Interactive, individual and cooperative!
The IT security industry is subject to constant change. An always the same lecture, pentest or even a phishing campaign would contradict this in principle:
- Nobody still uses infrared interfaces on mobile phone
- there are no active webshops where the prices are transmitted in the URL and
- no one responds (seriously) to the e-mails of a Nigerian prince.
It is phishing campaigns in the style of Emotet that cause the damage in companies. These are gaping security holes that are exploited with the help of EternalBlue and ensure that the Ransomware (WannaCry, Petya) encrypts all data. And it’s still the unpatched systems that are vulnerable to heartbleed.
These big problems are handled by us in all areas. The pentest is always tested for heartbleed, phishing campaigns simulate current scams and cooperative live hacking is used to present these problems to the public. We believe that in 2019 some security holes will be brought to our attention: There is still a lot to be done. In the area of technical and human IT security.
In this sense, we are looking forward to the challenges and to the new, numerous cooperations!