Alexander Hagenah

Senior Security Specialist & Consultant

Personal Profile

My name is Alexander Hagenah. I was born in Cuxhaven, Germany and raised in Stade, a nice little village close to Hamburg, Germany. In 2007 I moved to Dubai, UAE.

I was quite young when I discovered my fascination for technology and I'm happy to say that I've been able to turn my technical affinity into a profession. For over one decade I'm working in IT security. Today I'm working as an Senior Security Specialist & Consultant for Law Enforcement and Intelligence Agencies around the world.

Apart from my passion for computers/technology, I am a true sports aficionado, admittedly more passive than active these days - be it boxing, UFC or naturally football, which is my favourite sports.

Publications

More recent applications, scripts or whitepaper will currently not be released.

bgrab

2013-05-14

bgrab is a bash-written script to scan single hosts or network ranges for webserver banners. Those banners will be highlighted with BEL or color if matches a pregiven array of strings. It just makes use of `netcat' and includes logging functionalities. It was designed to scan for CVE-2013-2028 (nginx stack-based buffer overflow) vulnerability.

x360tool

2009-09-29

x360tool is designed for anyone who wants to check your(!) XBOX 360 game ISO with abgx360 for validity and to burn your(!) XBOX 360 game ISO to a DL DVD.

AD Eventlog

2005-07-17

AD Eventlog is an application for configuring and setting parameters for Active Directory Logging in a graphical interface.

BitDefender for Mail Servers Malware Detection Bypass

2005-07-15

Advisory of a vulnerability in BitDefender for Mail Servers, which can be exploited by malware to bypass certain scanning functionality. The vulnerability is caused due to an error when parsing attachments and can be exploited via a specially crafted UUencoded mail with multiple attachments. Successful exploitation causes malware in an attachment to pass the scanning functionality undetected. The vulnerability has been reported in engine versions 1.6.1 and prior for Linux and FreeBSD.

zigstack

2004-08-09

zigstack is for hardening the TCP/IP Stack (e.g. against DoS-Attacks) of Windows NT, 2000, XP, 2003-based workstations and servers.

xxpoof

2004-05-17

xxpoof is a tool, which is designed to send spoofed packets with destination and source port of your choice. Just give the tool any destination address, where the spoofed packets will be send to. The user can also control the delay between the packets sent and the number of packets to send.

ipcshares

2003-05-28

ipcshares can deactivate (or activate) the so-called IPC$-shares of WindowsNT, 2000 & XP computers. Those shares are enabled by default and can pose a security risk.

igmpflood

2003-04-01

igmpflood is a simple tool for sending malformed IGMP packets to test the hardening of a target address.

RCON plaintext password exposure

2003-03-18

RCON protocol is used to administrate your Half-Life/Counter- Strike Server. This advisory shows that it transmits the administrator password in plaintext over the wire.

CATCHiNG THE AiR STUFF (German)

2002-09-18

A paper describing the basics, functionalities and security weaknesses in the IEEE 802.11 (WLAN) standard. Includes a CLI wifi scanner running on Linux/UNIX.

IIS anonymous lockout

2002-05-07

Advisory on a default account used by the Microsoft IIS webserver for anonymous access which can be locked out. With this a website can be remotely shut down.

IIS ism.dll HTR truncation

2001-10-11

Advisory affecting Microsoft IIS webserver 4/5 by calling ISM.DLL which allows appending a set of charaters to force the webserver to display the source code of the requested file.

HYPERLiNK-SPOOFiNG (German)

2001-08-02

This document shows an attacking technique which allows to misuse secured connection like SSL.

SNiFFiNG FAQ (German)

2000-02-07

This document describes how network sniffing works and how it can be used.

Skills & Expertise

Regular speaker on Law Enforcement and IT Security Conferences such as:

  • Law Enforcement Conferences, Worldwide

    2010 - today

  • The 5th ICT Security Forum - Damascus, Syria

    2009-07-27

  • Systems - Munich, Germany

    2002-10-14

Miscellaneous:

  • Co-Authoring IT security related books
  • "Live hacking" on German TV channels like ARD & Sat.1

Key Skills:

  • OSINT, HUMINT, SIGINT
  • Lawful Interception
  • Information Security
  • Vulnerability Assessment
  • Mobile Security
  • Web Application Security

Contact

E-Mail

PGP/GnuPG

  • E-Mail: ah@primepage.de
  • Key ID (RSA 2048bit): 0x3F895273
  • Fingerprint: F9E2 912E 3902 54D1 AC04 4AF7 88E6 111F 3F89 5273
  • Download
Copyright © 1998-2014 Alexander 'xaitax' Hagenah  |  All rights reserved