Oneconsult AG is a renowned Swiss cyber security consulting company with approx. 30 employees, offices in Switzerland and Germany, a customer base of 300+ organizations and 1200+ completed security projects worldwide. We are your trustworthy partner for a holistic cyber security approach against external and internal threats such as APT, hacker attacks, malware infection, digital fraud and data leakage. Our core services are penetration tests, ISO 27001 security audits and IT forensics. To protect your organization and mitigate specific information security risks, Oneconsult also offers practical security consulting, security training and virtual security officer services. We have dedicated IT security researchers and a large team of certified penetration testers (OPST, OSCP, etc.), digital forensics experts (GCFE, GREM) and ISO security auditors (ISO 27001 Lead Auditor).
badGPO – Using GPOs for Persistence and Lateral Movement: Slide deck and podcast of Oneconsult talk by Yves Kraft and Immanuel Willi @Hack.lu 2016: Slides / https://www.youtube.com/watch?v=PnFszVBEwBY
“badGPO – Using GPOs for Persistence and Lateral Movement” by Yves Kraft and Immanuel Willi: deepsec.net
by Adrian Schoch
During several months, the content delivery network service provider Cloudflare leaked sensitive information like passwords from millions of websites. This is the story behind it and what your reaction should be.
Oneconsult AG is again sponsoring the international IT security conference “Swiss Cyber Storm“, taking place on 19 October in Lucerne. Oneconsult customers profit from a 15% discount on the conference ticket. Contact us for the discount code on: +41 43 377 22 22.
by Jan Alsenz & Rafael Scheel
This article in German demonstrates how a design security flaw discovered by Oneconsult can be abused in the Microsoft UAC mechanism to allow any scripts and programs to fake a supposedly genuine Microsoft signature.
by Fabian Gonzalez
The HTTP Referer header was defined to determine the origin of a user’s request on the server side. As such, today’s web browsers use this header to communicate the last visited resource when requesting a new one. Since it is often written to a server’s access log, the header may be evaluated or used for other purposes. This may result in security issues. The author describes the problem and provides simple solutions. The article is available in German. [more]
Application penetration tests of banking solutions, online shops, ICS (SCADA systems / DCS), SAP installations, ERP and CRM solutions, CMS, VoIP systems, etc.
Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls
Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.
Subsidiary of Oneconsult AG
Tel +49 89 452 35 25 25
Fax +49 89 452 35 21 10