Alexander Hagenah

Senior Security Specialist

Law Enforcement & Intelligence Consultant

Personal Profile

My name is Alexander Hagenah. I was born & raised near Hamburg, Germany and in 2007 moved to Dubai, UAE. I was quite young when I discovered my fascination for technology and I'm happy to say that I've been able to turn my technical affinity into a profession.

Today, I am a Senior IT Security Specialist & CTIO, who excels in profound applications and advisories tasks and complex solution finding. Having almost 15 years of work experience integrating groundbreaking technical expertise and providing numerous recognized contributions to the IT security community.

My profound analytical skills and communicative competence helped me to drive my professional career as a consultant at a very young age. Since then I accomplished many interesting and challenging projects in the area of IT Security and in direct contact with the customer.

For over 10 years I now have been operating worldwide for Law Enforcement & Intelligence agencies around the world.

Apart from my passion for computers/technology, I am a true sports aficionado, admittedly more passive than active these days - be it boxing, UFC or naturally football, which is my favourite sports.

Skills & Expertise

Regular speaker on Law Enforcement and IT Security Conferences such as:

  • Law Enforcement Conferences, Worldwide

    2010 - today

  • The 5th ICT Security Forum - Damascus, Syria


  • Systems - Munich, Germany



  • Co-Authoring IT security related books
  • "Live hacking" on German TV channels like ARD & Sat.1

Key Skills:

  • Cyber Investigation
  • Intelligence Gathering
  • Lawful Interception
  • Information Security
  • Vulnerability Assessment
  • Mobile Security
  • Web Application Security


More recent applications, scripts or whitepaper will currently not be released.



bgrab is a bash-written script to scan single hosts or network ranges for webserver banners. Those banners will be highlighted with BEL or color if matches a pregiven array of strings. It just makes use of `netcat' and includes logging functionalities. It was designed to scan for CVE-2013-2028 (nginx stack-based buffer overflow) vulnerability.



x360tool is designed for anyone who wants to check your(!) XBOX 360 game ISO with abgx360 for validity and to burn your(!) XBOX 360 game ISO to a DL DVD.

AD Eventlog


AD Eventlog is an application for configuring and setting parameters for Active Directory Logging in a graphical interface.

BitDefender for Mail Servers Malware Detection Bypass


Advisory of a vulnerability in BitDefender for Mail Servers, which can be exploited by malware to bypass certain scanning functionality. The vulnerability is caused due to an error when parsing attachments and can be exploited via a specially crafted UUencoded mail with multiple attachments. Successful exploitation causes malware in an attachment to pass the scanning functionality undetected. The vulnerability has been reported in engine versions 1.6.1 and prior for Linux and FreeBSD.



zigstack is for hardening the TCP/IP Stack (e.g. against DoS-Attacks) of Windows NT, 2000, XP, 2003-based workstations and servers.



xxpoof is a tool, which is designed to send spoofed packets with destination and source port of your choice. Just give the tool any destination address, where the spoofed packets will be send to. The user can also control the delay between the packets sent and the number of packets to send.



ipcshares can deactivate (or activate) the so-called IPC$-shares of WindowsNT, 2000 & XP computers. Those shares are enabled by default and can pose a security risk.



igmpflood is a simple tool for sending malformed IGMP packets to test the hardening of a target address.

RCON plaintext password exposure


RCON protocol is used to administrate your Half-Life/Counter- Strike Server. This advisory shows that it transmits the administrator password in plaintext over the wire.



A paper describing the basics, functionalities and security weaknesses in the IEEE 802.11 (WLAN) standard. Includes a CLI wifi scanner running on Linux/UNIX.

IIS anonymous lockout


Advisory on a default account used by the Microsoft IIS webserver for anonymous access which can be locked out. With this a website can be remotely shut down.

IIS ism.dll HTR truncation


Advisory affecting Microsoft IIS webserver 4/5 by calling ISM.DLL which allows appending a set of charaters to force the webserver to display the source code of the requested file.



This document shows an attacking technique which allows to misuse secured connection like SSL.

SNiFFiNG FAQ (German)


This document describes how network sniffing works and how it can be used.




  • E-Mail:
  • New GPG Key as of 08/11/2014
  • Key ID (RSA 4096bit): 0x917DFE66
  • 6275 0335 2312 522A 692E 0982 438F FEC6 917D FE66
  • Download
Copyright © 1998-2016 Alexander 'xaitax' Hagenah  |  All rights reserved