What We Do

Fill 4

ERNW Universe

ERNW Insinuator

Our company blog is the main source for research and insights created at ERNW, reflections on the information security world, and practical security advice resulting from assessment and consulting projects.

ERNW Research

Our first spin-off focuses on research work of all kinds, which can comprise publicly funded projects, cooperation with universities or fellow researchers, and the supervision and support of ERNW-internal research or methodology-focused projects.

ERNW Insight

Following our belief that knowledge must be shared, ERNW Insight focuses on finding and developing the best ways to make ERNW knowledge accessible to all (e.g. by hosting ERNW’s TROOPERS conference).

ERNW SecTools

The youngest member of the ERNW family broadens the ERNW portfolio by developing IT security related software as measured by our own high standards.

Services

  • service-assessment

    Assessment

    We provide assessment services such as penetration testing, audits, red teaming, and (closed-source) product evaluations. While we have developed many defined testing methodologies for different technologies, we mainly focus on highly technical and individual assessments. Examples for specialized assessment expertise comprise IoT/embedded/industrial/medical devices, cloud/virtualization/hosting platforms, Microsoft & Active Directory environments, or network/security appliances.

  • service-consulting

    Consulting

    Using the insight from (offensive) assessment projects, we also support our customers during design, implementation, and approval of their IT landscapes by offering design/concept/process reviews, security concept development, risk assessments, product evaluation, or network (security) design.

  • service-forensic

    Digital Forensics & Incident Analysis/Response

    We support our customers in implementing incident response processes/preparation as well as in analyzing occurred or suspected incidents. Following common incident response process models, we offer the development of incident preparation plans, immediate and on-site incident response and malware analysis, as well as the compilation of technical forensic reports.

  • service-training

    Training & Knowledge Transfer

    We offer training and knowledge transfer for most areas of IT security. The types of trainings range from video content over on-site trainings to gamified IT security challenges. Specific training offers as well as complete events like our TROOPERS conference can be found on the ERNW Insight pages.

  • service-research

    Research

    Following our knowledge-driven company culture, we offer research services to work on both scientific and pragmatic problems in the IT security space. Past funded research activities focused on Security Awareness, Digital Forensics, Reverse Engineering & Vulnerability Analysis, and telecommunications security. Future activities are coordinated by ERNW Research.

  • service-software

    Security Software

    The experience from operative projects resulted in the identification of product gaps in the IT security space. Acting on the ERNW claim to “Make the world a safer place”, ERNW SecTools focuses on the task to deliver security software to the market – where we see the use of a product resulting in security benefit.

  • service-operations

    Secure IT Operations

    The secure operation of IT systems can be a very specialized task requiring expert knowledge. We are offering the operation of both IT services in a secure way as well as the (secure) operation of IT security services (such as [Web] Application Firewalls, IDPS, or SIEM systems).

Latest Insinuator blog posts

February 03, 2019

Some Notes on the IPv6 Properties of the Wireless Network @ Cisco Live Europe

Some years ago Christopher wrote two posts (2016, 2015) about the  IPv6-related characteristics of the WiFi network at Cisco Live Europe. To somewhat continue this tradition and for mere technical interest I had a look at some properties of this year’s setting.

Read more

January 29, 2019

TelcoSecDay 2019 – First talks preview

This year we had some excellent submissions for TelcoSecDay.  Here are the first four confirmed speakers who are going to talk about the below mentioned topics:

Read more

January 28, 2019

2019 – Year Of The Blue Dog…

Back from Holidays, you started the year well motivated to make the world a safer place. However, sitting at your desk today  you realize nothing really changed since last year, and you are surfing the web, feeling a bit blue, trying to avoid that pile of emails waiting for you and wondering how you could […]

Read more

January 23, 2019

#TR19 Active Directory Security Track

As some of you might recall we’ve introduced a dedicated “Active Directory Security Track” at last year’s Troopers. For Troopers19 we’ve expanded it to two days (as the SAP Security Track was discontinued), and in the following I’ll provide a list of talks in the track.

Read more

January 16, 2019

TROOPERS19 Training Teaser: Hacking mobile applications

“If it’s a thing, then there’s an app for it!”…We trust mobile apps to process our bank transactions, handle our private data and set us up on romantic dates. However, few of us care to wonder,”How (in)secure can these apps be?” Well… at Troopers 19, you can learn how to answer this question yourself! In […]

Read more
More on More articles on our company blog