Nerdhorn and Credential Stuffing

Einhorn14

Account or credential stuffing is an attack in which the attacker tries out stolen credentials, usually username / email address and password, on many different websites. This attack can be automated by tools for automation in the web area, such as Selenium, curl or PhantomJS, or special tools such as SNIPR or STORM. This attack […]

Nerdhorn and Phishing

Einhorn15

Phishing refers to attempts to impersonate a trustworthy communication partner via fake websites, e-mails or other messages in order to obtain personal data, for example. As a result, for example account theft or identity theft can be committed or malware can be installed. Phishing is one of the social engineering attacks that exploit the victims’ […]

Nerdhorn: Security vs Usability

Einhorn09

As everywhere in IT security, it is also important in identity management that a measure is both secure and usable. Users can get creative if something is too time-consuming, annoying or otherwise impractical for them. Is there too many steps to authenticate on the notebook? Then the screen is not locked. Does the screen need […]

Cyber Taxi

Car 5189023 960 720

Our Cyber ​​Taxi paper, which was presented at the ESORICS 2020 workshop MSTEC, is also available on arXiv. The lack of guided exercises and practical opportunities to learn about cybersecurity in a practical way makes it difficult for security experts to improve their proficiency. Capture the Flag events and Cyber Ranges are ideal for cybersecurity training. […]

CODE CTF 2020 Cube Apocalypse

Ctf

Recently our CTF 2020 finally took place, which was initially postponed by COVID-19 and now carried out online. Each of the over 30 registered teams received a care package with food, drinks, information, goodies and – of course – a hardware challenge. The board itself was a treat, but the exchange with the participants wasn’t […]