The problem of mobile anonymity Dystopia is in full swing in Europe, and achieving true anonymity from mobile devices is a big problem. The picture below shows that most countries require mandatory registration of SIM cards on the national ID or passport. This means that all mobile operators in a given state (and, of course, […]

When on a security audit for a client it was discovered that a key component – the open-source private paste service PrivateBin contained a previously undocumented flaw. Cross-site-scripting is nothing new. I actually feel there must be prehistoric cave paintings and markings somewhere in the world containing some variation of <script>alert(1)</script>. Although XSS payloads embedded […]

How to get an EU vaccination card for any citizen of the Slovak Republic based on their name and date of birth 1 Vulnerability history Similar to our recent revealed vulnerability in the NCZI systems (NCZI or NHIC National Health Information Center), where we were able to download 130 000 PCR/antigen tests and personal information […]

Job Description: Search for security vulnerabilities in Android/iOS apps and in the most diverse web applications and web services. Testing of mobile applications involves detailed testing of mobile applications and relevant web services in accordance with the OWASP Mobile Security Testing Guide. The result of the testing is documented by creating a final report in […]

Watch a video and read our comprehensive answers: Describe what Threat Hunting means and why it can be helpful for companies? On average, adversaries are present within an organization for more than 140 days before they are detected, and it often takes weeks and even months to entirely remove them. The time during which an […]

1 WHAT IS RED TEAMING? In the following article, we will explain exactly what “Red Teaming” means, how it differs from traditional penetration tests, how the “Red Teaming” approach is unique, and why it best simulates a real coordinated attack. In Nethemba, we performed “Red Teaming” for many years before the term was publicly adopted […]

This is the third part of the article Our customer guide I and Our customer guide II. Repeated tests and bug bounty program The results of the performed penetration test or security audit are valid only to the specific date when the customer receives the final report. Neither we nor any other IT security company in […]

This is the second part of the article Our customer guide I. I want an offer, what do you need from me? (RFP) If you already know exactly which penetration tests or security audits you are interested in, do not hesitate to contact us. You can also do this in a secure encrypted way – […]

Everything you wanted to know about our IT security services The goal of the following document is to explain how to choose a suitable penetration test or security audit according to your expectations, following professional standards and at the best price. It is based on our 14 years of experience in the field of ethical […]

In the Moje eZdravie application, we identified a trivial vulnerability that allowed us to obtain personal information about more than 390,000 patients who were tested for COVID-19 in Slovakia (for the demonstration we managed to get personal information about more than 130,000 patients, of which more than 1600 COVID-19 positive). The personal information obtained for […]

You are an ethical hacker. You are doing penetration tests and security audits. You know how to test the security of web and mobile applications for vulnerabilities. If you find any, you report them to the appropriate people so that they may be fixed. Although penetration testing can be lucrative, it is not without its […]

Please note that this following post is my own opinion and I do not speak for our team or Nethemba s.r.o as a company on this matter. Many people reading my previous blog entries and who communicate with me in the Offsec IRC may see me as a bit of an Offensive Security fanboy. I […]