What We Do

Fill 4

ERNW Universe

ERNW Insinuator

Our company blog is the main source for research and insights created at ERNW, reflections on the information security world, and practical security advice resulting from assessment and consulting projects.

ERNW Research

Our first spin-off focuses on research work of all kinds, which can comprise publicly funded projects, cooperation with universities or fellow researchers, and the supervision and support of ERNW-internal research or methodology-focused projects.

ERNW Insight

Following our belief that knowledge must be shared, ERNW Insight focuses on finding and developing the best ways to make ERNW knowledge accessible to all (e.g. by hosting ERNW’s TROOPERS conference).

ERNW SecTools

The youngest member of the ERNW family broadens the ERNW portfolio by developing IT security related software as measured by our own high standards.

Services

  • service-assessment

    Assessment

    We provide assessment services such as penetration testing, audits, red teaming, and (closed-source) product evaluations. While we have developed many defined testing methodologies for different technologies, we mainly focus on highly technical and individual assessments. Examples for specialized assessment expertise comprise IoT/embedded/industrial/medical devices, cloud/virtualization/hosting platforms, Microsoft & Active Directory environments, or network/security appliances.

  • service-consulting

    Consulting

    Using the insight from (offensive) assessment projects, we also support our customers during design, implementation, and approval of their IT landscapes by offering design/concept/process reviews, security concept development, risk assessments, product evaluation, or network (security) design.

  • service-forensic

    Digital Forensics & Incident Analysis/Response

    We support our customers in implementing incident response processes/preparation as well as in analyzing occurred or suspected incidents. Following common incident response process models, we offer the development of incident preparation plans, immediate and on-site incident response and malware analysis, as well as the compilation of technical forensic reports.

  • service-training

    Training & Knowledge Transfer

    We offer training and knowledge transfer for most areas of IT security. The types of trainings range from video content over on-site trainings to gamified IT security challenges. Specific training offers as well as complete events like our TROOPERS conference can be found on the ERNW Insight pages.

  • service-research

    Research

    Following our knowledge-driven company culture, we offer research services to work on both scientific and pragmatic problems in the IT security space. Past funded research activities focused on Security Awareness, Digital Forensics, Reverse Engineering & Vulnerability Analysis, and telecommunications security. Future activities are coordinated by ERNW Research.

  • service-software

    Security Software

    The experience from operative projects resulted in the identification of product gaps in the IT security space. Acting on the ERNW claim to “Make the world a safer place”, ERNW SecTools focuses on the task to deliver security software to the market – where we see the use of a product resulting in security benefit.

  • service-operations

    Secure IT Operations

    The secure operation of IT systems can be a very specialized task requiring expert knowledge. We are offering the operation of both IT services in a secure way as well as the (secure) operation of IT security services (such as [Web] Application Firewalls, IDPS, or SIEM systems).

Latest Insinuator blog posts

January 14, 2019

TROOPERS19 Training Teaser: Hacking 101

Hi there, like in recent years the popular Hacking 101 workshop will take place on TROOPERS19, too! The workshop will give you an insight into the hacking techniques required for penetration testing. These techniques will cover various topics: Information gathering Network scanning Web application hacking Low-level exploitation …and more!

Read more

January 14, 2019

TROOPERS19 Training Teaser: Windows & Linux Binary Exploitation

Once again Troopers will have its Windows & Linux Binary Exploitation workshop. Its main focus are the ever-present stack-based buffer overflows still found in software today (e.g. CVE-2018-5002, CVE-2018-1459, and CVE-2018-12897) and their differences with regard to exploitation on Windows and Linux systems. If you ever wanted to know the details of the exploit development […]

Read more

January 11, 2019

TROOPERS19 Training Teaser: Hardening Microsoft Environments

“Credential Theft” or “Credential Reuse” attack techniques are the biggest known threats to Active Directory environments. This can be attributed to significant advances in and broad distribution of attack and reconnaissance tools such as mimikatz or Bloodhound. This means that after the first system in an environment is compromised it often takes less than 48 […]

Read more

January 10, 2019

IPv6 Talks & Publications

At first a very happy new year to everybody! While thinking about the agenda of the upcoming Troopers NGI IPv6 Track I realized that quite a lot of IPv6-related topics have been covered in the last years by various IPv6 practitioners (like my colleague Christopher Werny) or researchers (like my friend Antonios Atlasis). In a kind […]

Read more

January 10, 2019

macOS Mojave Hardening Guide

Due to the new release of macOS Mojave in September we updated the El Capitan hardening guide.

Read more
More on More articles on our company blog