The German Department of the Interior has recently published its new Cyber Security Strategy for Germany (german version here).

Whether it's good or not that a government is…

 …

I just added Judy Novak to the "IDS hall of fame" of my Intrusion Detection Mindmap.

She definitely deserves a place in anybody's IDS hall of fame. ;-)

The mindmap can be downloaded here.

Just save it as IDS.mm and open it in the mindmapping tool of your choice. I personally prefer Freeplane.

If you have valuable…

This is what Morpheus said to Neo in the movie "The Matrix".  And it's so very true regarding information security.  

Intruders don't care about what you're thinking about your network security. They just peek and poke until they find a hole that you would not have thought existed.

Check! Your! Facts! Know your network. If you're not sure - just check, don't speculate!

It's the same for general troubleshooting problems and for information security. I am seeing…

The folks of Pauldotcom Security Weekly podcast inspired me to write something about using 0day exploits for pentesting.

The question was, whether or not it's a good idea or fair to use those in a pentest.

My take on this is like "hell yeah!". But there are some more aspects to that topic of course, otherwise I wouldn't have considered writing a blogpost on it.

So first off, let's discuss what the intention of using 0days in pentesting might be. For me…

I'm happy to announce a new site http://v3rb0t3n.com/ (not much there now but give it time) ;-) feel free to add some ideas in the comments below :-)