Our employees frequently engage in research projects to live up to the high standard. They analyze the latest topics, methods and tools in interesting information security areas and prepare them in this context. The results of these activities contribute, for example, to projects, lectures at conferences, market overviews and articles for technical journals as well in advisories and zero-day-vulnerabilities.

Blog Articles


Inside the NAC Pi

July 5, 2024 – The NAC Pi is our all-in-one man-in-the-middle device, which allows us to bypass network access control solutions, including 802.1x. We use it as an effective measure in our Red-Teaming assessments to eavesdrop on and manipulate our customers’ supposedly protected network traffic. With this blog article we would like to go into the theory behind it and take you on the journey of how our device was created.

Author: Leon Schmidt

Read more »

Loader Dev. 5 – Loading our payload

May 10, 2024 – In this post, we will finally cover loading our actual payload. As discussed at the beginning of this series, our loader should be able to load shellcode and C# assemblies as well as PEs. The actual mode will be chosen using an argument to the python script used for compilation.

Author: Kolja Grassmann

Read more »

Loader Dev. 4 – AMSI and ETW

April 30, 2024 – In the last post, we discussed how we can get rid of any hooks placed into our process by an EDR solution. However, there are also other mechanisms provided by Windows, which could help to detect our payload. Two of these are ETW and AMSI.

Author: Kolja Grassmann

Read more »

Loader Dev. 1 – Basics

February 10, 2024 – This is the first post in a series of posts that will cover the development of a loader for evading AV and EDR solutions.

Author: Kolja Grassmann

Read more »



Vulnerability in VMware Workstation (CVE-2023-20854)

February 3, 2023
VMware Workstation is a virtualization software that allows to run several virtual machines in parallel on one device. These virtual machines can be managed via the software VMware Workstation Player or VMware Workstation Pro, which is installed on all systems used for managing virtual machines.

Read more »


cirosec conducts vulnerability research into products and services, which at times results in zero day vulnerabilities being discovered.

cirosec follows a responsible disclosure policy when dealing with zero-day vulnerabilities found during research or customer projects. The goal is to balance the need of giving the vendor or open-source project enough time to develop and distribute a fix for the vulnerability with the need of the public to know about the security vulnerability. The policy is in accordance with industry-standard responsible disclosure practices. Our Responsible Disclosure Policy can be found here.

Below is a list of CVEs vulnerabilities identified by cirosec and presented here for reference and cataloguing.

VulnerabilityCVECVSS ScorePublication DateMore Details
Vulnerability in baramundi Management AgentCVE-2024-66897.8 (CVSS v3)July 15, 2024baramundi
Vulnerability in Checkpoint HarmonyCVE-2024-249127.8 (CVSS v3)May 1, 2024Advisory, Checkpoint
Vulnerability in Webroot AntivirusCVE-2023-72417.8 (CVSS v3)May 1, 2024Advisory, Webroot
Vulnerability in BitdefenderCVE-2023-61547.8 (CVSS v3)April 1, 2024Advisory, Bitdefender
Vulnerability in neo42 Sumatra PDF Package 7.8 (CVSS v3)November 7, 2023Advisory
Vulnerability in Bytello Share 7.8 (CVSS v3)November 6, 2023Advisory
Vulnerability in VMware WorkstationCVE-2023-208547.8 (CVSS v3)February 3, 2023AdvisoryVMware
Vulnerability in Remote Access Software from RealVNCCVE-2022-419757.8 (CVSS v3)September 30, 2022AdvisoryRealVNC

Blogs - Overview

TitleAuthorPublication DateCategory
Inside the NAC PiLeon SchmidtJuly 5, 2024Red Teaming
Loader Dev. 5 – Loading our payloadKolja GrassmannMay 10, 2024Red Teaming
Loader Dev. 4 – AMSI and ETWKolja GrassmannApril 30, 2024Red Teaming
Loader Dev. 3 – Evading userspace hooksKolja GrassmannApril 10, 2024Red Teaming
Loader Dev. 2 – Dynamically resolving functionsKolja GrassmannMarch 10, 2024Red Teaming
Loader Dev. 1 – Basicsder Dev. 3 – Evading userspace hooksKolja GrassmannFebruary 10, 2024Red Teaming
Microsoft Tiering Model – Part 3/3Hagen MolzerJanuary 10, 2024AD Security
Microsoft Tiering Model – Part 2/3Hagen MolzerDecember 10, 2023AD Security
Microsoft Tiering Model – Part 1/3Hagen MolzerNovember 10, 2023AD Security

Your contact person

Do you want to protect your systems? Get in touch with us.