Profile

Marc Ruef
Works at scip AG, Zürich
Attended Business School KV, Baden
Lives in Zürich, Switzerland
457 followers|378,568 views

Stream

Pinned

Marc Ruef

Labs: Wearables in Application. at Thursday, 22. January 2015 by Marc Ruef | G+. In the field of information technology, there's something new every few years. Something that everyone involved in the field talks about. However, few of these things end up actually being something tangible.

Marc Ruef

Posted by Chris Evans, register whisperer. Part 1 of 4. There are a lot of memory corruption vulnerabilities in software, but not all are created equal. To a certain degree, the “usefulness” of a given memory corruption vu...

Marc Ruef

Infosec topics that return after 20 years: Strike-back attacks, voice-based auth, host-based computing, ...

Marc Ruef

The deep and dark web may have a reputation for the illegal and illicit, but it can be a lifeline to many in oppressive and dangerous regimes.

Marc Ruef

Scotty Bauer (a Utah grad student), Pascal Cuoq, and I have an article in the latest PoC||GTFO about introducing a backdoor into sudo using a compiler bug. In other words, the C code implementing sudo does not contain a backdoor, but a backdoor appears when sudo is built using a particular ...

Marc Ruef

Labs: Hack in Paris 2015 - A Short Review. at Monday, 22. June 2015 by Veit Hailperin | G+ · Hack in Paris is France's biggest IT security conference that has been held annually in the country's capital since 2011. This year, scip employee Veit Hailperin has presented his research in front of a ...

Marc Ruef

The F.B.I. and the Justice Department are investigating whether officials for the St. Louis Cardinals hacked into the networks of the Houston Astros to steal information about player personnel.

Marc Ruef

Did you know: #HP #TippingPoint default config doesn't detect FIN scans (filter id 0291)
Pete Herzog: Everything old is new again ;)

Marc Ruef

Nine different wearable fitness trackers have been put under the microscope, in order to explore how well they are protecting users' data. And it's not all good news...
Martin Suess: Security is hard and the IoT industry is about to find out soon I believe.

Marc Ruef

It appears to be impossible to determine the exact release day of MS IIS 4.0 ... It was in 1997 but no more accuracy :(
4 comments (Andrew van der Stock, Marc Ruef)
Nice, thanks :)
People
Have him in circles
457 people
Education
  • Business School KV, Baden
    Travel Consultant, 1997 - 2000
    Business travel, train travel in Europe
  • Business School KV, Baden
    SIZ PC User, 1998 - 1999
    Windows, office, network and Internet usage
  • AWB, Wettingen
    SIZ PC Supporter, 1999 - 1999
    Hardware, windows, office and network support
Basic Information
Gender
Male
Story
Tagline
problem solver at http://www.scip.ch | infosec researcher | author | film critic | comic book nerd
Introduction
I am an IT security researcher and penetration tester with my own company. Primarily, we are consulting and auditing Swiss banks regarding information security risks.

Besides that, I maintain computec.ch, a very popular security web site. Furthermore, I have published many papers and books. My last book has the title Die Kunst des Penetration Testing and discusses the efficient approach of doing penetration tests.

http://www.computec.ch/mruef/
Work
Occupation
Security Consultant
Employment
  • scip AG, Zürich
    Member of the Board, 2003 - present
    Leading and executing technical vulnerability assessments and penetration tests, development of tools, exploits and backdoors, publishing articles and papers.
  • Inter-Networking AG, Dietikon
    Security Consultant, 2001 - 2002
    Establishment of a team which is providing vulnerability assessments and execution of such projects. Additional maintenance of different security products (e.g. TrendMicro OfficeScan, Finjan SurfinGate, Symantec ESM, etc.).
  • Biodata Information Technology AG, Rümlang
    IT Security Expert, 2000 - 2001
    Internal consulting regarding information security issues, security testing of own products (e.g. firewalls and isdn encryption devices), publishing articles and papers.
Places
Currently
Zürich, Switzerland
Marc Ruef's +1's are the things they like, agree with, or want to recommend.
What is a "good" memory corruption vulnerability?
googleprojectzero.blogspot.com

Posted by Chris Evans, register whisperer. Part 1 of 4. There are a lot of memory corruption vulnerabilities in software, but not all are cr

7 things you probably don't know about the hidden 'deep' web | ZDNet
www.zdnet.com

The deep and dark web may have a reputation for the illegal and illicit, but it can be a lifeline to many in oppressive and dangerous regime

The Secrecy of the Snowden Documents - Schneier on Security
www.schneier.com

The Secrecy of the Snowden Documents. Last weekend, the Sunday Times published a front-page story (full text here), citing anonymous British

Wearable fitness trackers tested for data leakage and poor security
grahamcluley.com

Nine different wearable fitness trackers have been put under the microscope, in order to explore how well they are protecting users' data. A

Embedded in Academia : Defending Against Compiler-Based Backdoors
blog.regehr.org

Scotty Bauer (a Utah grad student), Pascal Cuoq, and I have an article in the latest PoC||GTFO about introducing a backdoor into sudo using

Hack in Paris 2015 - A Short Review
www.scip.ch

Labs: Hack in Paris 2015 - A Short Review. at Monday, 22. June 2015 by Veit Hailperin | G+ · Hack in Paris is France's biggest IT security c

Cardinals Investigated for Hacking Into Astros’ Database - The New York ...
www.nytimes.com

The F.B.I. and the Justice Department are investigating whether officials for the St. Louis Cardinals hacked into the networks of the Housto

The Chinese Darknet
krypt3ia.wordpress.com

Chinese Darknets The Darknet, or Dark Web, just saying it seems to emote some strange land filled with dark corners to the great media unwas

Could Emoji Passcodes be Safer for Online Bank Users?
www.tripwire.com

Don't be surprised if some banking apps start to ask you for your emoji passcode sooner rather than later.

Complex Method of Obfuscation Found in Dropper RealShell
blog.malwarebytes.org

The fight against malware is never-ending for a threat researcher, and in the mobile malware arena the fight is becoming more complex at an

The real story of how the Internet became so vulnerable
www.washingtonpost.com

Scientists worried about intruders and military threats, but they didn’t anticipate that the network’s users would attack one another.

Bypassing Jailbreak Detection Using Xcon - InfoSec Institute
resources.infosecinstitute.com

In this small article, we will look at a very handful utility named Xcon for bypassing Jailbreak detection. As per the wiki page ... xCon is

Reassessing Airport Security - Schneier on Security
www.schneier.com

Reassessing Airport Security. News that the Transportation Security Administration missed a whopping 95% of guns and bombs in recent airport

Kaspersky being hacked is a lesson for us all
grahamcluley.com

Often times it's not the fact that your business has been hacked that will lose your customers' confidence, but the way your company respond

6 Digits Are Better Than 4! iOS 9 to Boost Passcode Security
www.intego.com

Apple is beefing up security on iDevices running iOS 9, by requiring users to upgrade from a 4-digit passcode to one containing 6 digits. Tw

Problematic Wassenaar Definitions - F-Secure Weblog : News from the Lab
www.f-secure.com

F-Secure Security Labs brings you the latest online security news from around the world. Ensure that you are up-to-date with the latest onli

Reverse Engineering of Embedded Devices - InfoSec Institute
resources.infosecinstitute.com

Introduction This article is for colleagues who are interested in studying the reverse engineering of embedded devices starting from the int

Cyber Threat Assessment Template For Special Forces - InfoSec Institute
resources.infosecinstitute.com

The growing number of cyber threats highlight the risks that US critical infrastructure and Special Forces face. Once considered weak in nat

What's the state of iPhone PIN guessing
blog.erratasec.com

I think even some experts have gotten this wrong, so I want to ask everyone: what's the current state-of-the-art for trying to crack Apple P
