Alexander Hagenah

Cybersecurity Leader | Speaker | Advisor

With over two decades in cybersecurity, evolving from an ethical hacker to an international cybersecurity strategist, I stand at the forefront of combating digital threats.

My career has spanned across numerous sectors, equipping me with a versatile skill set that enables me to thrive in various global growth environments. My agility in adapting to rapid business and technological changes has been crucial in delivering innovative solutions.

I have a strong record of collaboration with law enforcement and intelligence agencies across 50 countries, playing a pivotal role in advancing cybersecurity measures to counter rising cybercrime.

Beyond technical acumen, my ability to engage with diverse audiences, including technical teams and C-level executives, has made me a prominent figure at international forums.

At SIX, I am spearheading the development of an advanced offensive security team, and at HackerOne, I contribute to strategy and product direction as well as discussing important business and industry topics.

Professional Experience

05/2021 - Present

Head Cyber Controls / Offensive Cyber Security Lead

SIX Group AG

Zurich, Switzerland
02/2023 - Present

Advisory Council Member

Harvard Business Review

Brighton, United States
07/2022 - Present

Technical Advisory Board


San Francisco, United States
04/2017 - 04/2021

Chief Technology & Innovation Officer


Munich, Germany
12/2009 - 04/2017

Senior Offensive Security Specialist


Dubai, United Arab Emirates
2007 - 2009

Senior Offensive Security Specialist


Dubai, United Arab Emirates


2022 - 2023

Executive Certificate, Managemet & Leadership

MIT Sloan Executive Education

Cambridge, MA, United States

Executive Certificate, Cybersecurity Risk Management

Harvard University

Cambridge, MA, United States


Global Cybersecurity Leadership

With over two decades in the cybersecurity domain, my career journey has evolved from a foundation in hacking to leading international teams in complex security environments. My experience spans various sectors, providing me with a nuanced understanding of diverse cybersecurity challenges and solutions. This extensive background empowers me to effectively manage and lead teams in developing and implementing strategic security measures on a global scale.

Expertise in Cybersecurity

My deep understanding of cybersecurity is rooted in more than 20 years of experience in the field, beginning with an early focus on ethical hacking. This journey has equipped me with a profound knowledge of cyber threats and defense mechanisms, enabling me to develop sophisticated strategies and solutions that address evolving security challenges.

Public Speaking and Advisory

As a recognized speaker, I've shared my insights at various international conferences (such as Interpol & Europol), extending beyond law enforcement to a broader range of cybersecurity topics. My ability to engage with a wide array of audiences, from technical experts to business leaders, underscores my role as a trusted advisor and thought leader in the cybersecurity community.

Innovative Cybersecurity Strategist

My approach to cybersecurity is characterized by a commitment to innovation and strategic problem-solving. With a career marked by continuous learning and adaptation, I've developed a knack for identifying and implementing cutting-edge security strategies that effectively mitigate risks and strengthen organizational resilience in the face of cyber threats.



This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. It was featured in WIRED, ZDNet, Ars Technica and many other media outlets.

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC

This script presents a proof of concept (PoC) for CVE-2024-21413, a significant security vulnerability discovered in Microsoft Outlook with a CVSS of 9.8. Termed the #MonikerLink bug, this vulnerability has far-reaching implications, including the potential leakage of local NTLM information and the possibility of remote code execution. Moreover, it highlights an attack vector that could bypass Office Protected View, thereby extending its threat to other Office applications.


SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking to enhance their security measures or develop robust detection strategies against emerging threats.


A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.

Interactive Website (

CISA Catalog of Known Exploited Vulnerabilities

The script, which is designed to be user-friendly and efficient, allows users to search through the CISA Catalog database offline for specific products or vendors, and then displays detailed information about any vulnerabilities that have been identified in those products or by those vendors. The information that is displayed also includes the vulnerability's Common Vulnerabilities and Exposures (CVE) number including a link to the NIST database. It also features the possibility to display enhanced information about specific CVEs.

WinRAR CVE-2023-38831 (Metasploit Module)

This Metasploit module exploits a vulnerability in WinRAR 6.22 (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.

BitDefender for Mail Servers Malware Detection Bypass

BitDefender Mail Server Scan-Engine could be bypassed by manipulating email attachments. Specifically, if an email contained multiple attachments, the engine would only scan the first one, ignoring subsequent attachments, which could potentially carry malicious content. This vulnerability was particularly relevant to UUencoded mails.


zigstack is for hardening the TCP/IP Stack (e.g. against DoS-Attacks) of Windows NT, 2000, XP, 2003-based workstations and servers.


Spoofed Packet Generator for Windows & DDoS network testing tool.


ipcshares can deactivate (or activate) the so-called IPC$-shares of WindowsNT, 2000 & XP computers. Those shares are enabled by default and can pose a security risk.


igmpflood is a simple tool for sending malformed IGMP packets to test the hardening of a target address.

RCON plaintext password exposure

RCON protocol is used to administrate your Half-Life/Counter- Strike Server. This advisory shows that it transmits the administrator password in plaintext over the wire.


A paper describing the basics, functionalities and security weaknesses in the IEEE 802.11 (WLAN) standard. Includes a CLI wifi scanner running on Linux/UNIX.

IIS anonymous lockout

Advisory on a default account used by the Microsoft IIS webserver for anonymous access which can be locked out. With this a website can be remotely shut down.

IIS ism.dll HTR truncation

Advisory affecting Microsoft IIS webserver 4/5 by calling ISM.DLL which allows appending a set of charaters to force the webserver to display the source code of the requested file.


This document shows an attacking technique which allows to misuse secured connection like SSL.

SNiFFiNG FAQ (German)

This document describes how network sniffing works and how it can be (ab)used.


GPG Key [0x80DD8C331ACD3D0F]