Clients

Most of our customers decline, for obvious reasons, from being publicly named as a reference. Should you require project-specific references, we would be happy to make such a request with prior client agreement.

Software Projects

Several tasks must be executed frequently, and sometimes a software is developed to perform these tasks. From time to time we also publish projects to let others benefit from our research and work.

• Die Datenkrake - Open-source hardware and software toolchain for hardware security analysis.: http://datenkrake.org/
• Fix Windows Privacy - Open Source Tool for the elemination of privacy issues in Microsoft Windows 10: https://modzero.github.io/fix-windows-privacy/

Security Advisories

From time to time, we publish Security Advisories, to inform customers and vendors about security vulnerabilities in products. These advisories are published right here.

Projects

To follow is a short list of projects in which we were able to support our customers.

• Analysis of Web applications for nationally and internationally active financial and large companies
• Reverse Engineering of targeted malware, trojans, worms and exploits
• Analysis of hardware, software and Firmware for various e-Banking Authorization-Tokens
• Source Code analysis of Apple iOS-based applications
• Detailed, technical security analysis of mobile devices and applications for industrial, pharmaceutical and telecommunication companies
• Technical end-to-end security analysis of several centrally managed building-entry-systems
• Support in securing the Mobile Device Management solutions in the enterprise environment
• Evaluation of authentication and encryption methods for embedded systems
• Crypto Benchmarks on different microprocessors regarding feasibility and cost-benefit analysis
• Technical Risk Analysis of various known and unknown, radio-based communication protocols
• Support of the design of authentication solutions in the industrial sector and embedded device development
• Support in terms of forensics and incident handling for internal and external events

We would be happy to assist you competently and discreetly with our subject-matter expertise. Contact us!

Public Relations

Please find references below to previous publications made by our colleagues at modzero AG.

• Presentation of the Technical Analysis of a Government Trojan at the 28th Chaos Communication Congress (28c3) in Berlin. [http://www.youtube.com/watch?v=CJOL_sBAJSg]
   
• Presentation at a non-public (anti-) forensics event organized by a major financial institute. Subjects covered were Malware forensics and security of machine-to-machine communication (M2M), Security of wirelessly communicating embedded devices as well as methods for the analysis of the physical memory of PCs.
   
• As part of a public expert cycle, in the project group "Access, Structure and Security of Networks" on behalf of the Enquete Commission of Internet and Digital Society of the German Parliament, a range of questions to the invited expert Thorsten Schröder on the subject of Security of Networks were answered in writing in advance..
   
• Swiss Radio DRS 2 - "Dialogue between Scientists: IT-Security: IT Security: What motivates hackers?" Max Moser, specialist in Computer Security and passionate hacker & David Gugerli, Professor of History of Technology at the ETH Zurich, try to approach the phenomenon. [http://pod.drs.ch/mp3/wissenschaft-im-gespraech/wissenschaft-im-gespraech_201102091527_10167647.mp3]
   
• Introduction to the development and technical progress of the 2.4 GHz wireless radio sniffer in applications far beyond wireless keyboards. At the T2'10 InfoSec Security Conference in Helsinki, attacks against other 2.4 GHz based devices were presented such as the demonstration of a car immobilizer and discussion of countermeasures [http://t2.fi/schedule/2010/#speech4]
  Research results from the "Keykeriki" project were also presented at the following security conferences: DeepSec 2009 in Vienna (Austria), CanSecWest 2010 in Vancouver (Canada), SIGINT 2010 in Cologne (Germany), 0sec 2010 in Bern (Switzerland).
   
• 20 Minuten Online, exclusive interview and detailed background information on demonstrated vulnerabilities of SuisseID.
  [http://www.20min.ch/digital/hardware/story/17220624]
  The vulnerabilities of the SuisseID methodology were also presented at the SecurityZone Conference 2010 in Zurich (Switzerland).