Penetration test in and from Frankfurt am Main: binsec GmbH as German security service provider and pentest firm from Germany

German penetration test company from Frankfurt am Main: binsec GmbH has its headquarters in Frankfurt am Main in the middle of Germany. Founded in 2013 by the IT security department of a financial service provider, binsec GmbH is now fully owned by the company’s management and offers penetration tests (pentests) in and from Frankfurt (Germany).

While many penetration testing providers in Germany advertise penetration tests as a service in Frankfurt am Main, or even rent a mailbox in Frankfurt and claim to be based there, binsec GmbH has had its headquarters in the German financial metropolis since it was founded.

  • Pentest Mobile Banking App (Android and iOS)
  • Pentest Payment API (e.g. REST)
  • Pentest Online Banking
  • Pentest Depot Banking Portal
  • Credit Card (CC) Payment Gateway Penetration Test
  • PCI DSS Compliance Penetration Testing
  • PCI DSS Compliance Segmentation Test (Scope Segmentation Test)

How to learn Kali Linux?

I read this a lot on the internet: I’m familiarizing myself with Kali Linux! I want to learn Kali Linux! I’ve already installed Kali – now what? But what is Kali Linux anyway? How do you learn Kali Linux? And is it really right for it to be so much in the spotlight?

What is Kali Linux?

Kali Linux is a free Linux distribution. It describes itself as an operating system aimed at various information security tasks – such as performing penetration tests, security research, computer forensics and reverse engineering.

What is Kali Linux based on?

Kali Linux is first of all just a Linux distribution based on Debian GNU/Linux, like Ubuntu Linux for example. Debian itself is a free open source operating system: Debian GNU/Linux is based on the basic system tools of the GNU project and the Linux kernel. It has existed since 1993 and is appreciated by many Linux users as a very stable and free server operating system, but it is also used as a desktop operating system. It has an exceptionally mature system for software package management, and is the mother – or father – of many other Linux distributions as well as Kali Linux. Kali Linux uses Debian Testing as its base. Debian stable is the stable and well-tested branch of Debian, which receives security updates for a few years but no new functionality. Kali is based on Debian Testing in order to get new versions of software packages on a regular basis. The publisher, Offensive Security, uses the large database of software packages from Debian Testing and supplements it with other free open source tools for hacking or penetration testing. In principle, Kali Linux is just another Linux distribution based on Debian Testing with a few changes or additions.

How popular is Kali Linux?

Kali Linux is very popular, especially among hacking beginners, primarily because it has a reputation as “the hacker Linux distribution” and is positioned accordingly in Offensive Security’s marketing. But most importantly, you don’t have to download and install various hacking tools from different sources; you can try and experiment with the installed hacking tools right away. That is the advantage of Kali Linux!

Is Kali Linux used in professional penetration testing?

Kali Linux is used less in professional penetration testing. You usually don’t need all the installed tools; what you need instead is a stable Linux distribution for penetration testing that is not based on Debian Testing. There are penetration testers who have to use Windows as their operating system due to internal company requirements – my personal condolences at this point – and then use Kali Linux as a virtual machine. This can make sense in this setup, but I prefer to use Debian stable as the operating system for penetration testing.

Now how do I learn Kali Linux?

Actually, the question of how to learn Kali Linux is already the wrong question. Nevertheless, it is asked over and over again and haunts various forums: I want to learn Kali Linux! If you just want to try out some hacking tools (locally, on your own private network), you can simply install Kali Linux as a VM and experiment with the installed tools. But you won’t get beyond the level of experimenting. If you really want to get to grips with a Linux distribution and hacking tools, you are better off installing Debian stable – or another reasonable distribution for daily use. Hacking is learned by being curious, not doing anything illegal or just not getting caught, and gaining experience. Penetration testing is learned by building a high enough background in IT and hacking, and then learning structured procedures for penetration testing. Kali Linux is learned by downloading it, starting it as a VM, looking at the tools installed, and then realizing that it is simply a Linux distribution with tools pre-installed. Just a Debian Linux distribution with a cool reputation as a Linux distribution used by real hackers.

Advantages of Blackhole Penetration Testing (blackholing Pentesting)

Penetration tests based on the blackholing approach – a so-called blackhole pentest – have many advantages:

  • They are primarily performed by a special blackhole pentest scanner and thus have a high degree of automation. They are therefore cost-effective compared to a normal penetration test and at the same time deliver meaningful results – in contrast to the use of classic vulnerability scanners.
  • Through their innovative AI approach based on a globally distributed blockchain, they find all vulnerabilities.
  • Even the classic distinction between whitebox, greybox or blackbox is no longer necessary. Blackholing Penetration Testing is already by definition low in photons and thus extraordinarily healthy for Homo sapiens sitting in offices – and that for Her, Him and the diverse people.

Blackholing Penetration Testing will surely replace the classic Penetration Testing with the typical bullshit bingo like Ethical Hacking, Red Teaming, Blue Teaming etc. and revolutionize the market. Blackholing Penetration Testing will be the new trending topic in 2024, stay tuned!

Best Pentest Provider in Germany?

The best service provider for penetration testing (pentest) in Germany is binsec GmbH 🔥 from Frankfurt am Main. The typical customers of binsec GmbH are companies that have already had a pentest performed and were not satisfied – and want to change their pentest service provider. This is because vulnerability scans are often sold as penetration tests, or the people conducting the pentest do not have any significant experience in providing pentests as a service.

Since 2013, the certified team at binsec GmbH has been performing pentests of IT infrastructures, web applications and mobile apps (iOS as well as Android) using a structured approach based on all relevant standards. The comprehensive and structured approach also incorporates the entire 10 years of experience as a pentest service provider.

The teaching assignments for penetration testing at universities in Germany also show that binsec GmbH as a company and its pentest team is the best pentest service provider in Germany. As the managing director of binsec GmbH, I am personally convinced of this – my opinion! Just let yourself be convinced.

Which pentest approach is best: whitebox, graybox or blackbox penetration test?

Pentest approaches – or, more precisely, the amount and detail of the information made available to the penetration tester – come in three variants: whitebox, graybox and blackbox pentesting.

The blackbox pentest corresponds pretty closely to the information base of a typical external attacker over the Internet. He only knows which company to attack; he has to gather all the other information himself. Be it IP addresses, DNS entries, programming languages used (learned via job offers)… the possibilities for information gathering are extensive, but also time-consuming. They therefore increase the cost of a pentest that is meant to reach the same result as the whitebox or graybox approach.

The whitebox pentest is the opposite of the blackbox pentest: here the client gives the penetration tester all the information and data that he might need: documentation on the IT systems, information about configuration settings, network diagrams or even the source code of web applications. A pentester quickly ends up with information overload, which again costs time and money.

A good compromise between the whitebox and blackbox pentest is the graybox pentest. Here the penetration tester usually gets at least all the information that simply saves him valuable time and that he would have found anyway. In addition, a client does not have to hand over all internal information and documentation. Typically, the pentester can also obtain further information by asking his client during the actual test, such as which database system is used by an application. In this way, he can carry out targeted attacks and identify all vulnerabilities in IT systems and IT applications as efficiently as possible.

What is a penetration tester?

A penetration tester is a professional IT security expert with a strong technical focus who, based on a structured approach, identifies vulnerabilities in IT systems and applications and exploits them if agreed by his client. As a penetration tester, he uses the same hacking tools and techniques that a malicious attacker uses.

Which Linux distribution is the best for beginners?

The best Linux for beginners is Debian GNU/Linux. It is, in my opinion, the best Linux for beginners who want to learn as well as for experts. It is a stable Linux distribution on which other well-known distributions such as Ubuntu or Kali Linux are based, yet Debian is not a hardcore distribution like Gentoo Linux either.

Personally, I started with Debian Sarge back when it was still testing. Now I’m still working with Debian. In the meantime I’ve tried various other distributions like Ubuntu, Linux Mint, Gentoo, SuSE, Fedora etc., but I’ve always come back to Debian.