Maximilian Heichler from SCHUTZWERK shared insights on AI security at Embedded Testing 2026 – from jailbreaks to prompt injections. A review of a successful conference.
The EU funding program SECURE4SME provides SMEs with up to €30,000 for implementing the Cyber Resilience Act. SCHUTZWERK supports the implementation of fundable cybersecurity measures.
StackWarp (CVE-2025-29943) is a vulnerability affecting AMD SEV that enables malicious hypervisors to tamper with encrypted virtual machines. This article recounts how recognizing a familiar exploitation pattern allowed us to quickly identify a promising attack path and build a working data-only exploit. The second half provides a technical overview of the sudo exploitation technique.
From December 6, 2025, the NIS2 Implementation Act strengthens cybersecurity.
On November 25-26, 2025, the GermanOWASPDay takes place at the Radisson Blu Conference Hotel in Düsseldorf. SCHUTZWERK has been a regular sponsor of this independent conference for application security since 2016, bringing together security experts, developers, and IT decision-makers.
Tickets are still available. More information and registration: god.owasp.de/2025
The first day (November 25) is designed as a training day. Two workshops run in parallel in the morning: “Leveraging Browser Features for Proactive Defense” by Javan Rasokat and the “Workshop Cyber Resilience Act” by Michael Helwig. In the afternoon, the German Chapter Meeting takes place, alongside the workshop “Threat Modeling with AI” by Georges Bolssens. The day concludes with a networking event.
SCHUTZWERK Senior Security Consultant Maximilian Heichler presented on Industrial Systems as Attack Targets at Beyond IoT 2025
As first step of the embedded fuzzing cooperation with Lauterbach we export snooping data from TRACE32® and use it with Ghidra and its cartographer plugin.
Following two parallel EU-wide tender processes, SCHUTZWERK has been selected as a competent partner for both comprehensive penetration tests and specialized OT security assessments for Deutsche Bahn
SCHUTZWERK GmbH is now one of the few recognized CVE Program partners in Germany
SCHUTZWERK remains a reliable partner for the automotive industry
Quality standards and comprehensive information security of SCHUTZWERK GmbH independently recertified
SCHUTZWERK and udis host a practice-oriented seminar on IT security assessments and their implementation in a corporate context
SCHUTZWERK supports Elbsides 2025 in Hamburg as a local security company
SCHUTZWERK visits the Embedded World 2025 in Nuremberg. We are looking forward to your visit!
Looking to level up your IT security game? Increase your IT security skills with certified training from SCHUTZWERK and udis! Our experts Dr. Bastian Könings and Christoph Wolfert will make you fit for the challenges of IT security in 15 days.
SCHUTZWERK and Lauterbach research new fuzzing and manual pentesting methods to improve the security of embedded and automotive devices.
Organized by SCHUTZWERK and udis - Ulmer Akademie für Datenschutz und IT-Sicherheit, this seminar offers the perfect opportunity to take your IT security strategy to the next level.
This practice-oriented seminar shows how companies can improve their IT security through targeted assessments such as penetration tests, vulnerability analyses, or phishing simulations. Christoph Wolfert, Managing Consultant at SCHUTZWERK, teaches the basics of planning and implementing such tests in a compact seminar day. With a maximum of 18 participants, a personal and intensive learning atmosphere is ensured.
GermanOWASPDay2024 is just around the corner! On the 12th and 13th of November 2024, the conference organized by the German branch of OWASP will take place in Leipzig. As in the previous year, SCHUTZWERK is an official sponsor of the conference. We are happy to do our part and support OWASP and its conference.
We’re Heading to the Elbsides2024Conference !
SCHUTZWERK has been awaiting the Elbsides conference for a while, and now it’s just around the corner. However, we are not only participating, but, as we have previously announced, we are also sponsoring Elbsides, as a Bronze Sponsor. Elbsides relies on sponsors to keep the lights on and we’re glad to lend a hand, as Elbsides is truly a conference worth supporting. The Empire Riverside Hotel in Hamburg on the 13th of September will be an exciting meeting of the minds with an interesting lineup of speakers, as well as the coming together of cybersecurity enthusiasts and experts alike. We look forward to meeting you all!
We are pleased to be participating in the ASQF Safety & Security Day 2024 on September 17 in Wiesbaden! This event offers a unique opportunity to experience the latest trends in hardware and software development in the field of IT security. We are proud that two of our SCHUTZWERK experts, Dr. Bastian Könings and Heiko Ehret, will provide in-depth insights into two highly topical cybersecurity issues during the event.
Dr. Bastian Könings: Trends in Cybersecurity from Silicon to Cloud"
The Elbsides2024Conference will take place in Hamburg on 13 September 2024. We are happy to be a sponsor again. After last year’s successful Elbsides Light Conference, this year’s conference from the BSides series will once again be a full-day event.
The Security BSides are organised by the security experts to bring the IT security community together. We are looking forward to exciting presentations and a good personal exchange on site.
We from SCHUTZWERK will be at the Embedded World in Nuremberg from April 9th to 11th, 2024! The EmbeddedWorld is a trade fair for experts in embedded systems. Come visit our booth 372 in Hall 5 and meet our special companion: Our Glitching Setup, which we use for Fault-Injection attacks as part of EmbeddedSecurityAssessments , for example, to bypass security checks like password prompts.
SCHUTZWERK is visiting Munich! From February 21st to 22nd, 2024, we will be at the building IoT Conference participating with a presentation. The buildingIoT has been the meeting point since 2016 for those developing software applications and digital products in the Internet of Things and Industrial Internet of Things.
On February 22nd, in our presentation BreakingThroughtheWall:SideChannelAttacksandFaultInjection we will showcase invisible methods through which attackers obtain confidential information. We will shed light on hidden dangers and provide a practical and illustrative insight into the topic, strengthening awareness of the complex threats in the highly connected world of IoT.
On 2023-11-14 the CISPA Helmholtz Center for Information Security published a new Attack on AMD-SEV called CacheWarp (CVE-2023-20592), in which I am one of the original authors. This attack allows a malicious hypervisor to drop memory writes on an encrypted VM using the invd instruction. Due to the difficulty of the setup, a feasible attack should only drop memory once to achieve its goal. In this article, we examine how one memory drop is enough to break openssh and sudo to completely hijack the victim system.
We are excited to announce that Telechips, a leading supplier of System-on-Chip (SoC) components for automotive In-Vehicle Infotainment and cockpit solutions based in Seoul, South Korea, has selected SCHUTZWERK as their strategic partner for SoC cybersecurity assessments.
Telechips has chosen to partner with SCHUTZWERK, a renowned and experienced provider of automotiveandembeddedsecurityassessments , to conduct comprehensive cybersecurity assessments of their entire SoC portfolio through the end of 2024.
On June 15, Baral Connect 2023 takes place in Reutlingen. SCHUTZWERK GmbH is an official sponsor and speaker of the event.
SCHUTZWERK will be at the building IoT conference in Munich from April 26 to 27, 2023 giving a talk. Since 2016, buildingIoT has been the meeting place for those who develop software applications and digital products in the Internet of Things and the Industrial Internet of Things.
On April 27, we will give the talk Easypreyforhackers?FindingandavoidingtypicalvulnerabilitiesinIoTsolutions , presenting the most common and relevant vulnerabilities in IoT devices from our assessment practice. We will explain the vulnerabilities using real-life practical examples and show how they can be uncovered during penetrationtesting and thus detected and fixed at an early stage.
After a pause of several years the GERMAN OWASP DAY 2023 will take place in Frankfurt on the 30th and 31st of May 2023. SCHUTZWERK is an official sponsor of the event.
The GERMANOWASPDAY2023 will be hosted by the German OWASP Chapter. The German OWASP Day is the most important, independent and non-commercial conference on application security in Germany. The event offers exciting talks about secure development, operation, testing and management in the field of applications. The focus is on web applications. Interdisciplinary, non-technical topics are also represented. We are looking forward to an interesting exchange on site.
SCHUTZWERK will be present at EmbeddedWorld in Nuremberg from March 14-16, 2023. Embedded World is the trade fair for experts along the entire value chain of embedded systems. Visit our booth 4-104c in hall 4 and see our PROBoter in action. We will be happy to present our services in the area of EmbeddedSecurityAssessments and explain which vulnerabilities we can uncover from silicon to the cloud. For example, learn more about the possibilities of SoC-specific analyses or attack vectors using power glitching and power analysis. We look forward to your visit. Make a reservation for a discussion at our booth in advance or ask for a free ticket by e-mail to info@schutzwerk.com .
Our colleagues Fabian Weber and Florian Schmid will be speaking at the automotive security conference “Secure Our Streets 2022” on the 15th September.
The “Secure Our Streets 2022” is a conference on automotive and embedded cyber security, organized by the Automotive Security Research Group (ASRG). Our talk “PROBoter - Automating PCB analysis tasks to support penetration tests of embedded systems” is only one of many interesting topics on the agenda (more about the PROBoterinourblog ). Registration is free and still open ( https://secureourstreets.com ). Join us for some interesting talks about embedded and automotive security.
We are pleased to announce that we successfully completed our project for triple certification (ISO 27001, ISO 9001 and TISAX) in April 2022. Thus, the implementation of our always high demands on security, quality, and trustworthiness, related to our services, is now confirmed by an independent party.
A high level of security, quality, and trustworthiness are of central importance to us to provide our services. To systematically implement and maintain this demand, a corresponding Integrated Management System (IMS) has already been established at SCHUTZWERK in the past.
Christoph Wolfert, Managing Consultant at SCHUTZWERK GmbH, was a guest at the 10. Ulmer Logistiktag on 12th of May 2022 to give insights to the topic of phishing attacks and the threats for (logistics) companies.
Phishing attacks are omnipresent and currently one of the most spread variants to attack companies. Also logistics companies are affected. Due to their strong dependency on IT (e. g. in the field of warehouse management, dispatching and transport) phishing attacks are always on the agenda.
On May 15, 2022, BSides Munich will start with workshops, followed by interesting talks the next day! After during the last two years all onsite events either had to be cancelled, were only feasible under difficult conditions or were planned virtually, we SCHUTZWERKers are happy that this year a bit of normality has returned. As a bronze sponsor, we are therefore happy to support BSidesMunich , which will once again be held as an onsite conference in Munich!
SCHUTZWERK answers important questions for Südwestpresse (SWP) newspaper regarding the data leakage at Legoland with thousands of affected customers.
On 12th of April 2022 it was published (see the announcementoftheheise-online-Redaktion ), that for half a year the booking history of every customer was accessible, caused by the introduction of a new booking system. The booking system was turned off and the Data Protection Authority was informed, but important questions remain unanswered. Christoph Wolfert, Managing Consultant and Date Protection Officer at SCHUTZWERK GmbH, clarifies within the Südwestpresse (SWP) interview the most important questions.
The PROBoter is a modular, self-calibrating probing machine to support PCB analysis tasks in penetration tests of embedded systems. The video of the PROBoter demonstrates its four main contributions: 1) The automatic visual detection of components and contact points on a PCB, 2) the automatic probing of contact points for net reversing and signal detection, 3) the mapping of signal lines to given bus protocols, and 4) the support in identification of potential attack vectors.
This year, SCHUTZWERK is not only a sponsor of Elbsides , but will also hold a talk on June 22, 2021 at 4:10 p.m. The topic of our colleague Dr. Henning Kopp will be ‘Padding Oracle Attacks - The critical bug in your home-brewed crypto protocol’
The current situation and the preventive measures taken around the COVID-19 pandemic not only severely restrict public and private life, but also have a major impact on work culture.
re and more companies are being forced to allow their employees to work from home in order to keep operations running as smoothly as possible despite the restrictions and prohibitions.
Where otherwise concepts are developed over months, preparations are made and test runs are carried out, home office possibilities must currently be created within a few days. These ad hoc solutions are therefore rarely fully developed and often exhibit considerable deficiencies in the area of IT security. This is also reflected in the significant increase in malware and phishing campaigns, which take advantage of the current situation and thus increasingly target home office employees.
We support you through difficult times!
Dear customers, business partners and interested parties,
we, the SCHUTZWERK team, hope that all of you are well and remain healthy. We would like to assure you that we will continue to be at your full disposal and will gladly support you in this difficult situation. Our Forensics and Incident Response Team already supports many customers in analyzing the increasing number of IT-based attacks. With our dedicated security review for home office and remote work solutions we support our customers in dealing with current challenges.
This time the OWASP Day will take place in Karlsruhe on 10th of December. As an official sponsor SCHUTZWERK GmbH will take part again! The German Chapter will host this year’s GOD. This event is the most important, independent and non-commercial conference on web application security in Germany. The OWASP Day is characterized especially by its vendor neutrality and is free of marketing presentations. There will again be numerous lectures on secure development, operation, testing and management in the field of web-based applications.
Since October 2019 we are a cooperation partner of the University Association Wedel of the University of Applied Sciences Wedel (FH Wedel). In our third year in Hamburg we are now also setting sail in the academic context in order to inspire students for IT security. As a link between the university and business, the association has been supporting students for over 25 years. With its courses of studies in Computer Engineering, Computer Science and, above all, IT Security, FH Wedel covers exactly the needs of the areas in which we are looking for IT security consultants.
The first BSides will take place in Hamburg on September 16, 2019. We are an official sponsor of this event. After three successful years in Munich and since this year also in Stuttgart, the North of Germany finally won the BSides’ heart! Under the title Elbsides , all security interested people are invited who live especially in the North of the Elbe.
The Security BSides is organized by experts of IT security to bring the IT security community together. Some of the members of the Meetup group HH.Security and the organizers of BSidesMunich stiffened Hamburg as a new location. SCHUTZWERK found its second site in Hamburg in 2017 and is very excited! Part of our Hamburg team will take part.
Our new office in the historic building of the Hanse-Viertel offers growth potential and best working conditions for the Hamburg team of SCHUTZWERK.
After a long search, we were able to find a new home for our Hamburg team in a popular inner city location. It offers sufficient space for the grown team and space to grow further. Some things are still under construction, but we have Internet, club-mate, coffee, height-adjustable desks and equipment for the meeting room. We still need some more furniture for our lounge area and are hesitating between a pool table, airhockey table or foosball table.
As part of the 10 years IT security anniversary lecture series at Aalen University, Bastian Könings has given an introduction to the security of today’s and future vehicles. In his talk, he outlined known security issues and demonstrated existing attacks on cars. How these issues are being addressed in current development processes was discussed by showing the goals and approaches of penetration tests conducted by SCHUTZWERK in the automotive domain.
In cooperation with the Aalen University of Applied Sciences, SCHUTZWERK organized another successful hacking event for their students. As part of the all-day event, the students were invited to solve challenges from different categories and levels of difficulty. New this year were, besides the updated Challenges in the existing areas, challenges from the topic Hardware / Embedded Security.
At this point we would like to thank the University for the cooperation and congratulate the winners of the event.
With two new employees in Ulm and two new employees in Hamburg, we have successfully expanded our team.
We were able to further expand our competencies, particullary in the embedded, automotive and cloud security area. In addition to assessments in the Azure and AWS environments, penetration tests of whole vehicles and ECUs were a key focus in 2018.
Together with our customers we have successfully mastered more than 100 projects and were able to achieve our own goals.
The 10th German OWASP Day will take place in Münster on the 20th of November. SCHUTZWERK GmbH is an official sponsor of the event.
The GermanOWASPDay2018 , like every year, will be hosted by the German OWASP Chapter, this year for the tenth time. The German OWASP Day is the most important, independent and non-commercial conference on application security in Germany. The event offers exciting lectures on secure development, operation, testing and management in the field of applications. The focus is on web applications. Interdisciplinary, non-technical topics are also represented. We are looking forward to an interesting exchange on site.
hardwear.io will take place in Den Haag/Netherlands on 11th-13th of September 2018. SCHUTZWERK GmbH is an official sponsor of the event.
hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The conference will present and discuss current topics of hardware security, for example concerning automotive and IoT sectors.
SCHUTZWERK regularly conducts technical assessments and security consulting in the area of embedded systems and IoT, see also EmbeddedSystemsAssessment . We will take part with several participants and look forward to interesting discussions.
Munich, Germany – 25 May 2018 – The more electronics steer, accelerate and brake cars, the more important it is to protect them against cyber-attacks. That is why 15 partners from industry and academia will work together over the next three years on new approaches to IT security in self-driving cars. The joint project goes by the name Security For Connected, Autonomous Cars (SecForCARs) and has funding of €7.2 million from the German Federal Ministry of Education and Research. Infineon is leading the project.
The last year was exciting and full of challenges for the SCHUTZWERK-Team.
We were personally touched by the leave of our Managing Director Holger Gerlach. He left the company for personal reasons. Greetings from the whole team and all the best for you and your family, dear Holger! From 2018, Christoph Wolfert and Dr. Bastian Könings will take over more responsibility in their new role as Managing Consultants.
We opened our new office in the beautiful Hanseatic city of Hamburg. The first employees take care of our steadily growing clientele in Northern Germany.
The 9th German OWASP Day will take place in Essen on the 14th of November. SCHUTZWERK GmbH is an official sponsor of the event.
The GermanOWASPDay2017 , like every year, will be hosted by the German OWASP Chapter. The German OWASP Day is the most important, independent and non-commercial conference on application security in Germany. The event offers exciting lectures on secure development, operation, testing and management in the field of applications. The focus is on web applications. Interdisciplinary, non-technical topics are also represented.
This year the it-sa, one of the biggest trade fairs for IT-Security in the German-speaking region, will take place from 10th to 12nd October at the Nuremberg Exhibition Centre. SCHUTZWERK GmbH will be present in hall 9, booth 9-615. This is the joint booth of the Bavarian IT security cluster.
Visitors who want to prove their hacking skills can do so at one of two capture-the-flag contests. Here, participants experience a lack of IT security in practice and can take advantage of one of the rare opportunities for hacking legally. You can participate for a whole day or drop in and solve some of the challenges for one or two hours.
hardwear.io will take place in Den Haag/Netherlands on 21st-22nd of September 2017. SCHUTZWERK GmbH is an official sponsor of the event.
hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The conference will present and discuss current topics of hardware security, for example concerning automotive and IoT sectors.
SCHUTZWERK regularly conducts technical assessments and security consulting in the area of embedded systems and IoT, see also EmbeddedSystemsAssessment . We will take part with several participants and look forward to interesting discussions.
On March 24, 2017, SCHUTZWERK, in cooperation with the Institute for Distributed Systems, held a "Capture-The-Flag" hacking competition for about 60 students of the University of Ulm.
As part of the all-day workshop at the University of Ulm, students were given various hacking tasks in multiple categories and difficulty levels. A part of the tasks were concerned with a forensic investigation of IT systems, based on provided memory images. Further tasks covered the areas of security of web applications, algorithms and cryptography.
In cooperation with the Universities of Furtwangen and Aalen, SCHUTZWERK organized a hacking event on the 25th resp. 30th of November 2016, which also included a ''Capture the Flag Contest''. With overall nearly 100 participants and a lot of positive feedback the events were a full success.
We like to say thank you for the professional cooperation to those responsible on the side of the Universities of Furtwangen and Aalen. Also a big thank you to all participating students for the awesome participation!
In cooperation with the University of Aalen, SCHUTZWERK is organizing a Hacking Workshop with “Capture the Flag Contest” on the 30th November 2016. The event enables the participants to achieve IT security know-how in a playful way.
The workshop covers diverse areas, for example the forensic analysis of IT systems, on the basis of a working storage map. Further topics in the area of web application hacking, algorithmics and cryptographiy will be addressed additionally.
Since 2012 SCHUTZWERK is sponsoring the mens handball team I of the SG Ulm & Wiblingen. This year it was time again for new tracksuits and warm-up shirts.
The best wishes from SCHUTZWERK to the regional league team from SG Ulm & Wiblingen for the game season 2016 / 2017.
In cooperation with the University of Furtwangen, SCHUTZWERK is organizing the Hack2Improve event on the 25th November 2016, focusing on the latest IT security topics.
Hack2Improve is a hands-on event that attracts beginners as well as advanced attendees year after year. For example, they learn how to read a secure WLAN connection. Another key issue includes the basics for examining a smartphone app and the sensitive data it contains. Intermediate participants learn the forensic investigation of IT systems as well as advanced topics in the field of hacking web applications.
The 8th German OWASP Day will take place in Darmstadt on the 29th of November. SCHUTZWERK GmbH is an official sponsor of the event.
The yearly GermanOWASPDay conference is hosted by the OWASP German Chapter. The event features interesting talks and presentation concerning secure development, operations, test and management in the area of application security, with a focus on web applications. In addition, interdisciplinary and non-technical topics are also presented.
SCHUTZWERK at the first IT-GRC Congress in Berlin.
On the 15th and 16th June 2016 the first IT-GRC Congress took place in Berlin. The organizers "ISACA Germany Chapter e.V." and “Quadriga Hochschule Berlin” focus the event on “Cyber Security & Digital Transformation”. But the topics went beyond Governance, Revision and Compliance and covered also the current threat landscape in information technology.
At the event Christoph Wolfert, Senior Security Consultant at SCHUTZWERK GmbH, spoke about targeted attacks. Besides explaining the details of these attacks, he demonstrated live different attack examples for the audience.
After a lot of work and dedication, our new website has now gone online this August. In close collaboration with the web specialists of the agency Halma and with the ongoing support of the graphic design agency greenergrass, we have now taken our online presence to a new level. At the same time, we have also streamlined our portfolio in order to take account of increasing specialization requirements in information and IT security. In future, SCHUTZWERK GmbH will be focused on their core competencies of assessment, consulting and process. Furthermore, we are pleased to welcome Thomas Bläsing and Philipp Wenk as competent additions to our team of auditors and consultants.
On 14th June 2016, the 13th Cyber Security Day took place in Leipzig. This event was organized by the Alliance for Cyber Security, an initiative of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI). This time the event was dedicated to the topic of "Web Application Security". Owing to the huge demand, the contents were, for the first time, specifically aimed at “engineers” as target audience.