Until now, the global security community believed that TCP ports end at 65535. This assumption was widely accepted, documented, and implemented in virtually every scanner on the market. It is rooted in a simple math problem involving only 0 and 1. The calculation appeared sound, was easy to implement, and therefore became an unquestioned industry … [Read more…]
binsec GmbH is currently looking for reinforcement (as a part time position)in the area of penetration testing – and we’re taking an approach that is quite rare in the industry: A true 3-weeks-on, 1-week-off work model. What does that mean? You work three weeks as usual on client projects – and then you get a … [Read more…]
Every few weeks, someone asks me the same question: “What do you actually find in a typical web penetration test?” Instead of answering anecdotally, I pulled the aggregated data from the last 12 months of web application tests (including APIs) performed by binsec GmbH. The result is the graphic below – and it reflects the … [Read more…]
TISAX (Trusted Information Security Assessment Exchange) is the industry-specific security standard of the automotive sector – developed by the VDA and operated by the ENX Association. It ensures that companies demonstrably meet a high level of information security and can reliably share this status with their partners. As part of TISAX, the regular execution of … [Read more…]
The binsec GmbH relies on PTDoc® for its penetration tests – a specialized tool for structured penetration testing and professional report generation. PTDoc was developed by binsec systems GmbH. The idea for PTDoc emerged during the growth of the binsec team: How can quality remain consistently high when individual penetration testers have different personal focus … [Read more…]
The new NIS2 Directive of the EU has been in force since early 2023. It no longer applies only to traditional critical infrastructure operators (KRITIS), but now covers a wide range of important entities, including: The NIS2 Directive does not explicitly mandate penetration testing, but it requires measures that are hardly feasible or verifiable without … [Read more…]
The specific personal data processed during a penetration test largely depends on the target of the test. In general, the following categories can be distinguished: 1. Customer Points of Contact There’s no way around it: the pentester needs contact persons. Typically, this involves processing names, job titles, business email addresses, and phone numbers — stored … [Read more…]
Subdomains often reveal which internal systems, websites, or platforms a company operates. Finding subdomains is an important part of security assessments, penetration tests, or general research, as it can uncover potential attack surfaces that might otherwise remain hidden. The SubDomainFinder from binsec.tools identifies subdomains of a domain by combining several methods:
A tool that displays your own public IPv4 and IPv6 addresses is now online at binsec.tools. It’s not the first tool that does that, but it’s free of advertising and tracking: What is my IP address? From a linux shell you can also call $ curl https://ip.binsec.tools/ and get your IP back in JSON format {“ip”: … [Read more…]
On 11th of February 2025 binsec GmbH received an “Invitation to Tender With Emirates Group” from vendor.registration@theemirategroup.com. This alleged tender is a case of targeted Advance Fee Fraud. I explicitly warn against responding to emails from this domain or making any payments. This is a deceptive scam that misappropriates the identity of the legitimate Emirates … [Read more…]
