[Hemmerling] Security

Related page:

• Cryptography.
• Data Privacy - Encryption, Passwords, Trust.
• Good Coding ! - Software Coding, Coding Rules, Static Code Analysis, Code Reviews.
• Legal Matters.

• DsiN-Digitalführerschein ( DiFü ) - According to experts, it needs about 1 week of full work, to pass all levels of education.

• Ruhr-Universität Bochum, Horst-Görtz-Institut für IT-Sicherheit.
  • RuhrSec – IT Security Conference in Bochum.
    • YouTube "Hackmanit – IT Security, @hackmanit-it-security" - Conference videos.
    • Events:
      1. RuhrSec 2016, 2016-04-28 - 2016-04-29.
      2. RuhrSec 2017, 2017-05-02 - 2017-05-05.
      3. RuhrSec 2018, 2018-05-15 - 2018-05-18.
      4. RuhrSec 2019, 2019-05-27 - 2019-05-29.
         • YouTube Playlist, Hackmanit – IT Security "RuhrSec 2019: Day 1".
      5. The virtual conference RuhrSec 2020, 2025-05-05 - 2025-05-08.
         • YouTube Playlist, Hackmanit – IT Security "RuhrSec 2020 #StayAtHome Edition".
      6. RuhrSec 2021 .
      7. RuhrSec Day, 2022-05-05.
         • YouTube Playlist, Hackmanit – IT Security "RuhrSec 2022".
         • No travel by “9-EUR-Ticket” .
      8. RuhrSec 2023, 2023-05-11 - 2023-05-12.
         • YouTube Playlist, Hackmanit – IT Security "RuhrSec 2023".
         • Ruhr-Universität Bochum, Fakultät für Informatik "News", 2023 - “5-jähriges Jubiläum der RuhrSec: Die Non-Profit Konferenz für IT-Sicherheit feiert Meilenstein. Vom 11. bis zum 12. Mai bot die RuhrSec wieder hochkarätige Vorträge zu aktuellsten Themen der IT-Sicherheit und feierte so mit etwa 150 Gästen im Veranstaltungszentrum der Ruhr-Universität Bochum ihr fünfjähriges Bestehen ... Die Teilnahme ist kostenlos. Für einen Snack ist gesorgt ...”.
         • No travel by “Deutschlandticket” yet .
      9. RuhrSec 2024 .
      10. RuhrSec 2025, 2025-02-20 - 2025-02-21.
          • YouTube, Hackmanit – IT Security "RuhrSec 2025".
          • Travel by “Deutschlandticket” possible.
    • LinkedIn "RuhrSec".
    • Twitter "RuhrSec – IT Security Conference".
  • Ruhr-Universität Bochum, Horst-Görtz-Institut für IT-Sicherheit, NRW-Forschungskolleg SecHuman "Veranstaltungen".
    • “3rd SecHuman Summer School – Brave New World: Security for Humans in Cyberspace at Ruhr-Universität Bochum”, 2019-06-03 - 2019-06-06.
• Conference secIT by heise - meet. learn. protect, Hannover.
  • Dates:
    1. 2018-03-06 - 2018-03-07 secIT @ HCC.
    2. 2019-03-13 - 2019-03-14 secIT @ HCC.
    3. 2020.
    4. 2021-02-23 - 2021-02-25 secIT digital.
       • Vimeo - Search for "talque".
    5. secIT 2022 @ HCC, 2022-03-30 - 2022-03-31.
    6. secIT digital 2022, 2022-09-13 - 2022-09-14.
    7. secIT 2023 @ HCC, 2023-03-13 - 2023-09-14.
    8. secIT digital 2023, 2023-09-13 - 2023-09-14.
    9. secIT 2024 & secIT 2024 digital @ HCC, 2024-03-06 - 2024-03-07. I joined .
       • The free online event secIT digital – die Online-Konferenz für Security-Experten.
       • heise-events Tickets "secIT digital" .
    10. secIT digital 2025, 2025-09-10 - 2025-09-11.
        • secIT digital "Tickets"
    11. secIT 2026 @ HCC, 2026-03-18 - 2026-03-19. I joined .
        • "Sponsored Messe-Ticket (18. und 19.03.2026)" - “Ticket verfügbar bis 15.12.2025”.
  • Online conference tool for Smartphone app & web interface is Talque.
• Barcamp SecCamp Cologne 2019 - das Barcamp rund um IT Security in Köln ( 2019-06-15 - 2019-06-16 ).
• Free online event ”Symphony 2021” by Palo Alto Networks, “The Global Cybersecurity Leader” ( 2021-04-21 - 2021-04-22 ).
• The commercial conference Deutscher IT-Security Kongress 2022, 2022-09-29 with free online streaming .
  • vystem "Deutscher IT-Security Kongress 2022" - Login.
• it-sa Expo&Congress - Europas führende Fachmesse für IT-Sicherheit by NürnbergMesse GmbH.
  • Free online events it-sa 365 "IT Security Talks.
    • 2023-03-07 - 2023-03-08.
    • 2024-04-16 - 2024-04-17, 2024-06-11 - 2024-06-12.
  • it-sa 365 "IT Security Talks März 2023", Stefan Strobel, CEO cirosec GmbH "Supply Chain Attacks – Sicherheitsrisiken aus der Lieferkette. Im Rahmen der Event-Partnerschaft zeigen wir Ihnen eine Aufzeichnung von der secIT Digital 2022".
• The commercial event NRW Sicherheitstag by ASW West - Allianz für Sicherheit in der Wirtschaft West e.V. .
  1. NRW Sicherheitstag 2024, 2024-06-25 @ Deloitte GmbH, Erna-Scheffler-Straße 2, D-40467 Düsseldorf - “Die Teilnahme am NRW Sicherheitstag 2024 ist kostenpflichtig”.
  2. NRW Sicherheitstag 2023, 2023-08-07 @ Post Tower, Platz der deutschen Post, D-53113 Bonn.
  3. NRW Sicherheitstag 2022, 2022-08-24 @ BayArena Leverkusen.
  4. NRW Sicherheitstag 2021, 2021-10-27 @ Zeche Zollverein in Essen.
  5. NRW Sicherheitstag 2020.
  6. NRW Sicherheitstag 2019, 2019-09-05 @ G DATA Software AG in Bochum.
  7. NRW Sicherheitstag 2018, 2018-07-04 @ Umspannwerk Recklinghausen.
  8. NRW Sicherheitstag 2017.
• The free event IT-Sicherheitstag NRW.
  1. 2025-12-03 @ Alte Kokerei Hansa.
     • DE.Wikipedia "Kokerei Hansa".
     • Stiftung Industriedenkmalpflege und Geschichtskultur "Kokerei Hansa", Emscherallee 11, D-44369 Dortmund.
     • Co-event with Deutsch-Baltische Handelskammer (AHK) "5th German-Baltic Digital Summit in Dortmund", 2025-12-02 - 2025-12-04.
     • Travel by “Deutschlandticket” possible.
  2. 2024-12-11 @ World Conference Center, Bonn.
     • Travel by “Deutschlandticket” possible.
  3. 2023-11-30 @ HALLE TOR 2, Köln.
     • Travel by “Deutschlandticket” possible.
  4. 2022 ( hybrid event ).
  5. 2021 ( online event ).
  6. 2020 ( online event ).
  7. 2019 @ Stadthalle Hagen.
  8. 2018 @ Historische Stadthalle Wuppertal.
  9. 2017 @ Colosseum Theater Essen.
  10. 2016 @ World Conference Center Bonn (WCCB).
  11. 2015 @ Hugo Junkers Hangar Mönchengladbach.
  12. 2014 @ Stadthalle Hagen.
  13. 2013 @ KOMED, Köln.
• The commercial conference Cybersecurity Summit, 2024-06-19, 2025-05-14, 2025-05-20 - 2026-05-21 in Hamburg.
  • “The leading annual expo, trade show and conference for procurement innovation in the German market”.
• IT-Dienstleistungsgesellschaft mbH Emsland "Konferenz für effektive Informationssicherheit 2025", 2025-11-06.

• BSI "Zweites Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme (IT-Sicherheitsgesetz 2.0)".
• EN.Wikipedia "Information security", DE.Wikipedia "Informationssicherheit".

• EN.Wikipedia "Cyber-security regulation".
• DE.Wikipedia "NIS-2-Richtlinie" - “NIS 2 Directive”.
• Free online webinars BSI "#nis2know - wie ist der Stand?", 2025-10-16, 14:00 - 15:00.

• EN.Wikipedia "Cyber Resilience Act", DE.Wikipedia "Cyberresilienz-Verordnung".

• The commercial service iubenda s.r.l "Compliance Solutions for Websites, Apps and Organizations".
  • For websites/apps - Privacy and Cookie Policy Generator.
  • For websites/apps - Cookie Solution. Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and US Privacy Framework.
  • For websites/apps - Terms and Conditions Generator. Create your terms and conditions in minutes.

• Bayerisches Landesamt für Datenschutzaufsicht.
  • Bayerisches Landesamt für Datenschutzaufsicht "EU-Datenschutz-Grundverordnung".
• European Commission "Justice / Data protection" - "Reform of EU data protection rules" - “While the Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018”.
• European Commission - Press release database "Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses".
• Gesellschaft für Datenschutz und Datensicherheit e.V..
  • Gesellschaft für Datenschutz und Datensicherheit e.V. "Praxishilfen DS-GVO".
• S-CON DATENSCHUTZ.
  • S-CON DATENSCHUTZ - Mandantenbereich - Password-protected download offers.
  • S-CON DATENSCHUTZ "GDD-Praxishilfe DS-GVO VI. Textausgabe DS-GVO mit Zuordnung des BDSG", "GDD-Praxishilfe DS-GVO VI. Textausgabe DS-GVO mit Zuordnung des BDSG" ( PDF ).
• EN.Wikipedia "General Data Protection Regulation", DE.Wikipedia "Datenschutz-Grundverordnung".

• Allianz für Cyber-Sicherheit ( ACS ).
• CIS Center for Internet Security.
  • EN.Wikipedia "Center for Internet Security", DE.Wikipedia "Center for Internet Security".
• Verband für Sicherheit in der Wirtschaft Norddeutschland e.V. ( VSWN e.V. ).
• Verfassungsschutz Niedersachsen "Wirtschaftsschutz - Aufgaben und Ansprechpartner".
• Zentrale Ansprechstelle Cybercrime für die niedersächsische Wirtschaft ( ZAC, Police ).

• Symantec Internet Security Threat Report.
• US-CERT - United States Computer Emergency Readiness Team.
• Secunia Vulnerability Review.

• VDE "Cyber-Security. Der Brandschutz des 21. Jahrhunderts".
• EN.Wikipedia "Information security management system", DE.Wikipedia "Information Security Management System" ( ISMF ).
• DE.Wikipedia "IT-Grundschutz-Kataloge".

• Exploits Database by Offensive Security.
• IBM.
  • IBM "IBM X-Force Exchange" - “Research, Collaborate and Act on threat intelligence”.
  • IBM Security "IBM X-Force" - “Forschung in der IT-Sicherheit, Erfassung globaler aktueller Bedrohungsdaten und Erstellung von Bedrohungsanalysen für intelligente Sicherheitslösungen”.
• SHODAN - Computer Search Engine.
  • SHODAN - Computer Search Engine "Shodan API’s documentation".
  • EN.Wikipedia "Shodan (website)".
• Stop Forum Spam - “We provide lists of spammers that persist in abusing forums and blogs with their scams, ripoffs, exploits and other annoyances”.

• Hasso-Plattner-Institut "Identity Leak Checker".

• ExploitHub - “The First Legitimate Marketplace For Validated, Non-Zero-Day Exploits For Security Professionals”.

• Free “Active Directory” security tools & Windows security baselines:
  • Semperis "Purple Knight".
  • Ping Castle.
  • “Microsoft Security Baselines”.
    • Microsoft Ignite "Security baselines".
• The free Greenbone OpenVAS - “Open Vulnerability Assessment Scanner”.
  • Greenbone.
    • Greenbone "Testnow" - “Greenbone Free”.
  • GitHub "Greenbone".
  • Evrytng is BROEKN "Install Greenbone Vulnerability Manager 11 on Ubuntu 19.04 from source... Part 1".
• Microsoft.
  • Microsoft Security TechCenter "Microsoft Baseline Security Analyzer" for W2k, WinXP.
  • Microsoft Security Compliance Manager for Win7, Vista.
    • Microsoft TechNet "Microsoft Security Compliance Manager".
  • Microsoft Security TechCenter "Enhanced Mitigation Experience Toolkit".
    • Microsoft Download Center "Enhanced Mitigation Experience Toolkit (EMET) 5.5", .NET 3.5 application for Windows 10 , Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Vista.
    • EN.Wikipedia "Enhanced Mitigation Experience Toolkit".
  • The free Shavlik NetChk Limited for legacy Windows systems .
• Bundesamt für Sicherheit in der Informationstechnik ( BSI ).
  • BSI "BOSS (BSI OSS Security Suite)".
    • heise-online "BOSS (BSI OSS Security Suite)" ( 2005-06-16 ).
    • heise online "BSI veröffentlicht Prüfsoftware für Netzwerksicherheit" ( 2006-12-02 ).
• Lavasoft "Ad-Aware Free", a free privacy software - “Echtzeitschutz vor Spyware, Trojanern, Rootkits, Hijackern, Keyloggern und mehr!”.
  • Steve Gibson, Gibson Research Corporation "OptOut" - discontinued.
• Malcolm - “A powerful network traffic analysis tool suite”.
  • GitHub "idaholab / Malcolm" - “A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts”.
  • The software was mentioned on the event “IT-Sicherheitstag NRW 2025” in Dortmund, Germany.
• Spybot - Search & Destroy, a free privacy software.
• xp-AntiSpy, free privacy protection against Microsoft for Windows.

• X-Road.
  • “An open-source software and data exchange layer that provides a secure, standardized, and unified way for organizations (public and private) to exchange data over the internet, ensuring confidentiality, integrity, and interoperability using features like encryption, digital signatures, and access controls”.
  • The software was mentioned on the event “IT-Sicherheitstag NRW 2025” in Dortmund, Germany.

• Neuber Software - the commercial “Network Security Taskmanager” / “Security Task Manager” - “Shows detailed information about all running processes: file path, description, security risk rating, start time, icon”.
• Passware - Password Recovery.

• Cybersecurity & Infrastructure Security Agency ( CISA ) "Free Cybersecurity Services and Tools".

• Avira AntiVir - free antivirus software for Windows. The free edition does not work with Windows server editions like W2k-Server #.
  • Download Avira AntiVir Personal - Free Antivirus.
  • The commercial “Avira AntiVir Professional” is for W2k-Server, but not for Win2003, Win2008.
  • The commercial “Avira AntiVir Server” is for W2k-Server, Win2003, Win2008.
  • The free “AntiVir Free 10.2.0.703” is the latest release for W2k → Download Download Avira AntiVir Personal - Free Antivirus.
  • The legacy “classical” Avira AntiVir 9.0.0.418 of 2009-12-08.
  • On Win7, “Avira AntiVir” asks to deinstall “Microsoft Security Essentials” .
  • “Avira Free 14.07.306” of 2014-10-14 was still installable and runnable on Windows7 computers PIII CPUs.
  • “Avira Free 15.10.434” of 2015-05–26 just work on Windows computers with PentiumIV CPU. It crashes on my Windows7 computer with Athlon2400 CPU ( PentiumIII alike ) .
• avast! free - free antivirus software for Windows. The free edition does not work with Windows server editions like W2k-Server.
• AVG Anti-Virus Free Edition - free antivirus software for Windows. The free edition does not work with Windows server editions like W2k-Server.
• BitDefender Free Edition - free antivirus software for Windows. No resident monitoring sentinel. The free edition does not work with Windows 7 (?) and Windows server editions like W2k-Server.
• ClamAV / Immunet.
  • The free ClamAV for Linux and ClamAV/SOSDG for Windows. It does not provide a real-time guard .
    • Blog ClamAV Blog.
      • Blog article ClamAV Blog "Immunet 3.0 - Powered by ClamAV ", 2011-02-08.
  • The free Immunet by Sourcefire for Windows.
    • Immunet by Sourcefire - Support.
    • Blog Immunet Blog.
• Microsoft.
  • Microsoft Security Essentials.
    • EN.Wikipedia "Microsoft Security Essentials".
  • Microsoft Windows Defender.
    • EN.Wikipedia "Windows Defender".
    • Microsoft Help and Support "Error message when you try to install Windows Defender on a Windows 2000-based computer: 'This software requires GDI+ Please load the Windows 2000 Security Software Prerequisite Pack'".

• Ashampoo FireWall FREE for Windows.
• PWI, Inc. / Privacyware "Privatefirewall" for Windows.

• The commercial “F-PROT Antivirus” by F-PROTF works with W2k-Server, Win2003, Win2008, too.
• Rising Antivirus - commercial antivirus software.
• “longneckoftheoffer”.
  • Loaris.
    • Loaris "Remove longneckoftheoffer.stream pop-ups — Loaris Trojan Remover".
      • Example virus-loaded URL https://longneckoftheoffer.stream/?isp=Vodafone Germany&td=track.caretakerbard.com.
• “Trenced”.
  • Malwaretips.
    • Malwaretips "How to remove Trenced.com pop-up ads (Virus Removal Guide)".
      • VSRevo Group "Revo Uninstaller Freeware".
  • My Anti Spyware "How to remove Trenced.com pop-up ads [Chrome, Firefox, IE, Edge]".
    • “Get rid of Trenced.com from Firefox by resetting web browser settings” (helpful?).

• AV-Comparatives - Independent Tests of Anti-Virus Software.
• VirusTotal - “Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community”.

• Microsoft "Windows Server 2003 Active Directory" ( ADS ).
  • EN.Wikipedia "Active Directory", DE.Wikipedia "Active Directory".
• Microsoft "Internet Security and Acceleration Server" ( ISA ), Microsoft "Forefront Threat Management Gateway" ( TMG ).
  • EN.Wikipedia "Microsoft Forefront Threat Management Gateway", DE.Wikipedia "Microsoft Internet Security and Acceleration Server".
• Microsoft TechNet "Network Access Protection (NAP)".
  • EN.Wikipedia "Network Access Protection", DE.Wikipedia "Microsoft Windows Server 2008" ( “Sicherheit / Network Access Protection” ).

• Windows 10, version 1703.
  • Microsoft Docs "Manage connections from Windows operating system components to Microsoft services", 2017-07-28.
  • Microsoft Docs "Configure Windows telemetry in your organization".
  • Microsoft Docs "Windows 10, version 1703 Diagnostic Dat", 2017-04-05.
• Solutions & suggestions:
  • Implement a proxy server or a firewall in your enterprise network, with mandatory user authorisation.
  • Set these telemetry sites in the “hosts” file to 127.0.0.1, e.g. localhost .
    • v10.vortex-win.data.microsoft.com.
    • settings-win.data.microsoft.com.
    • watson.telemetry.microsoft.com.
    • oca.telemetry.microsoft.com.
    • vortex.data.microsoft.com/collect/v1.

• Gruppenrichtlinien, Mark Heitbrink.
  • Gruppenrichtlinien, Mark Heitbrink "Datenschutz: gp-pack PaT - Privacy and Telemetry", 2017-08-11.

• oxid.it "Cain & Abel" for Win98, W2k, WinXP - “A password recovery tool for Microsoft Operating Systems”.
• Benjamin Delpy, Blog de Gentil Kiwi "mimikatz", GitHub "gentilkiwi/mimikatz" - Reading passwords of Windows users.
  • SlideShare "Benjamin Delpy".
  • Offensive Security "Mimikatz".
  • pentestmonkey. Taking the monkey work out of pentesting "mimikatz: Tool To Recover Cleartext Passwords From Lsass".
• CrackStation - “Free Password Hash Cracker”.
• SecurityXploded - “An Infosec Research Organization offering more than 200 FREE Security/Password Recovery Tools...”.

• Metasploit - “World's most used penetration testing software”.
  • Armitage for Windows and Linux - “A scriptable red team collaboration tool for Metasploit”.
  • EN.Wikipedia "Metasploit Project", DE.Wikipedia "Metasploit".
• GitHub "PowerShellMafia/PowerSploit" - “PowerSploit - A PowerShell Post-Exploitation Framework”.
  • Penetest Geek "PowerSploit: The Easiest Shell You’ll Ever Get" - “PowerSploit is a collection of security-related modules and functions written in PowerShell. PowerSploit is already in both BackTrack and Kali”.

• EN.Wikipedia "IPsec", DE.Wikipedia "IPsec".

• SourceForge "XCA - X Certificate and key management", SourceForge "xca".

• I was told by experts, that the PHOENIX CONTACT "PROFICLOUD Technology" uses TLS for securing the data transfer to the cloud.
• EN.Wikipedia "Transport Layer Security", DE.Wikipedia "Transport Layer Security" ( TLS ) - “Seit Version 3.0 wird das SSL-Protokoll unter dem neuen Namen TLS weiterentwickelt und standardisiert, wobei Version 1.0 von TLS der Version 3.1 von SSL entspricht. Bekannte Implementierungen des Protokolls sind OpenSSL und GnuTLS”.

• OpenVPN Technologies, Inc. "OpenVPN".
• EN.Wikipedia "OpenVPN", DE.Wikipedia "OpenVPN".
• The OpenSource software OpenVPN GUI for Windows,

• ExpressVPN.
• NordVPN.

• EN.Wikipedia "Virtual Private Network", DE.Wikipedia "Virtual Private Network"

• EN.Wikipedia "Zero trust security model", DE.Wikipedia "Zero Trust Security".

• CWE - Common Weakness Enumeration - “A Community-Developed Dictionary of Software Weakness Types”.
  • CWE - Common Weakness Enumeration "2011 CWE/SANS Top 25 Most Dangerous Software Errors".
  • “Common Weakness Scoring System (CWSS)”.
  • “Common Weakness Risk Analysis Framework (CWRAF)”.

• MITRE Corporation.
  • Common Vulnerabilities and Exposures ( CVE ).
• heise "Schubladen für Schwachstellen: Das CVE-System im Überblick", 2020.
• Institut für Arbeitsschutz der Deutschen Gesetzlichen Unfallversicherung ( IFA ) "Das Common Security Advisory Framework (CSAF)".
• EN.Wikipedia "Common Vulnerabilities and Exposures", DE.Wikipedia "Common Vulnerabilities and Exposures".

• OWASP - The free and open software security community.
  • OWASP "Category:OWASP Top Ten 2013 Project".
  • OWASP "Germany/Projekte/Top 10 fuer Entwickler-2013/Inhaltsverzeichnis"
  • OWASP Mobile Security Project "Top 10 Mobile Risks".
  • OWASP "OWASP API Security Project" - “API Security Top 10 2023”.
  • OWASP "OWASP TOP 10 FOR JAVA EE. THE TEN MOST CRITICAL WEB APPLICATION SECURITY VULNERABILITIES FOR JAVA ENTERPRISE APPLICATIONS. OWASP SPRING OF CODE PROJECT 2007" ( PDF ).

• SANS Institute.
  • SANS Institute "Critical Security Controls" - “Top 20 Critical Controls”.
  • SANS Institute "CWE/SANS TOP 25 Most Dangerous Software Errors".
• Troy Hunt.
  • Troy Hunt "Free eBook: OWASP Top 10 for .NET developers" ( 2011-12 ) - Free PDF book.
  • Troy Hunt "OWASP Top 10 for .NET developers part 1: Injection" ( 2010-05 ) → Part 1 - part 10.
  • SlideShare "John Kary: Scared Straight: Mitigating OWASP Top 10 with PHP".

• qSkills "CSAF Community Days and Workshops 2025" ( qSk!lls ).
  • “An Architecture for Matching CSAF Documents on Industrial Asset Inventories. Daniel Rittershofer (Fraunhofer IOSB): We present BSI’s project 625 on CSAF matching in industrial environments. The aim of the project is to match an industrial asset inventory with a CSAF document database so that operators can efficiently identify relevant security advisories for the assets contained in their plants. We present our system architecture and implementation as well as our approach to matching CSAF documents to device and software asset information. The open-source asset inventory NetBox serves as our asset inventory. We integrate the interaction with the CSAF matching system as well as the processing and tracking of the processing status of matches into NetBox as a plugin”.
• NetBox Labs - “The world’s platform for network and infrastructure management”.
  • NetBox Labs "NetBox Cloud Free Plan" - “The full power of NetBox in a secure, fully-hosted SaaS platform. For free”.
  • GitHub "netbox-community / netbox" - “The premier source of truth powering network automation. Open source under Apache 2”.

• CSAF.
  • CSAF "Community Days 2025", 2025-11-13 - 2025-11-14 in Nürnberg.
  • GitHub "oasis-tcs / csaf" - “OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code”.
• Bundesamt für Sicherheit in der Informationstechnik ( BSI ) "Common Security Advisory Framework (CSAF)" - “Ein standardisiertes und quelloffenes Framework zur Kommunikation und automatisierbaren Verteilung von maschinenverarbeitbaren Schwachstellen- und Mitigationsinformationen, so genannten Security Advisories”.
• Greenbone "Wie CSAF 2.0 automatisiertes Schwachstellenmanagement vorantreibt".
• qSkills "CSAF Community Days and Workshops 2025" ( qSk!lls ).
• EN.Wikipedia "OASIS (organization)" - “CSAF — Common Security Advisory Framework, is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties”.
• The software was mentioned on the event “IT-Sicherheitstag NRW 2025” in Dortmund, Germany.

• The commercial DevGuard - “Develop Secure Software. Get full transparency of your Software-Supply-Chain”.
  • GitHub "l3montree-dev / devguard" - “DevGuard Backend - Secure your Software Supply Chain - Attestation-based compliance as Code, manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy - OWASP Incubating Project”.
• OpenCode.
  • OpenCode "DevGuard" - Login.
  • OpenCode "Sicherheit im Entwicklungsalltag verankern mit DevGuard" - “Seit dem letzten openCode Release könnt ihr mit dem Tool DevGuard ohne Spezialwissen Sicherheitsmaßnahmen integrieren, da es ein umfassendes Risikomanagement für Entwickler... bietet”.
• The software was mentioned on the event “IT-Sicherheitstag NRW 2025” in Dortmund, Germany.

• GUAC.
  • GUAC "Trustify" - “The Trustify project is a collection of software components that enables you to store and retrieve Software Bill of Materials (SBOMs), and advisory documents”.
  • GUAC Docs "Trustify Docs".
  • GUAC "Trustify joins GUAC", 2025-08 - ” With Red Hat’s contribution of Trustify to the GUAC project”.
• GitHub "guacsec / trustify" - “Bringing together SBOMs and advisories”.
• RedHat "Red Hat contributes Trustify project to OpenSSF’s GUAC community", 2025-08.
• The software was mentioned on the event “IT-Sicherheitstag NRW 2025” in Dortmund, Germany.

• I was told by experts, that “OpenVPN” and “IPsec” are alternatives .
• EN.Wikipedia "OWASP", DE.Wikipedia "OWASP".

• Bundesamt für Sicherheit in der Informationstechnik.
  • Bundesamt für Sicherheit in der Informationstechnik "Industrial Control System Security - Top 10 Bedrohungen".
  • Bundesamt für Sicherheit in der Informationstechnik "Industrial Control System (ICS) Security".
    • Bundesamt für Sicherheit in der Informationstechnik "In­dus­tri­al Con­trol Sys­tem Se­cu­ri­ty / Emp­feh­lun­gen / Allgemeine Empfehlungen".
      • “ICS Security Kompendium” ( PDF ) #.
      • “Umgang mit dem Ende des Supports für Windows XP” ( PDF ).
    • Bundesamt für Sicherheit in der Informationstechnik "In­dus­tri­al Con­trol Sys­tem Se­cu­ri­ty / Emp­feh­lun­gen / Her­stel­ler und In­te­gra­to­ren / Empfehlungen für Betreiber".
    • “Handhabung von Schwachstellen” ( PDF ).
    • “Vulnerability Handling” ( PDF ).
    • “Anforderungen an netzwerkfähige Industriekomponenten” ( PDF ) #.
  • Event “Industrial Security” by Siemens AG with speech of Holger Junker, Bundesamt für Sicherheit in der Informationstechnik in Bispingen, Germany ( 2014-01-16 ).
    • XING "Holger Junker".
    • LinkedIn "Holger Junker".
    • Twitter "Holger Junker".
    • Hasso Plattner Institut "Holger Junker. SOA Security heute und morgen.
• ISA-99.
  • ISA - The International Society of Automation "ISA99, Industrial Automation and Control Systems Security".
  • Wiki ISA99 Committee on Industrial Automation and Control Systems Security "ISA99 Wiki".
  • EN.Wikipedia "Cyber security standards" → “ISA-99”.
• Siemens.
  • SIEMENS AG "Recommended Security Settings for IPCs in the Industrial Environment",SIEMENS AG "Empfohlene Sicherheitseinstellungen für IPCs im Industrieumfeld", 2015.
  • SIEMENS AG "Security guideline for PC-based automation systems with Windows embedded operating systems", SIEMENS AG "Security Leitfaden für PC-basierte Automatisierungssysteme mit Windows Embedded Betriebssystemen", 2014.
  • Whitepaper "Sicherheitskonzept PCS 7 und WinCC - Basisdokument".
  • SIEMENS "SIMATIC WinCC / SIMATIC PCS 7: Information bezüglich Malware / Virus / Trojaner".
    • EN.Wikipedia "Stuxnet", DE.Wikipedia "Stuxnet".
  • SEIMENS AG "Industrial Security".
• SCADA Strange Love, SCADA Strange Love.
  • Blog Blogspot "SCADA Strange Love".
  • SlideShare "Internet connected ICS/SCADA/PLC Cheat Sheet 2013".
  • YouTube "repdet, sgordey: SCADA Strangelove 2. We already know".
  • Schedule 30C3 "lecture: SCADA StrangeLove 2. We already know".
  • 30C3 - Self-organized Sessions "Hacking SCADA: ICS Penetration testing workshop".
  • Tools:
    • TCPDUMP & LIBPCAP.
    • Wireshark and “tshark”, a terminal oriented version of Wireshark.
    • EN.Wikipedia "Kali Linux", DE.Wikipedia "Kali Linux".
    • Scapy - “powerful interactive packet manipulation program”.
      • Ne dites rien, les mots sont superflus... ( SecDev.org by Phil ).
        • SecDev.org "Scapy".
        • SecDev.org "Scapy v2.1.1-dev documentation. Download and Installation".
  • Positive Technologies - Provider of some other tools.

• Pascal Alich.
  • GitHub "pascalalich/eclipse-oauth-demo".
  • Speech ” Oh Oh OAuth - Eclipse OAuth Integration” at Eclipse DemoCamps December 2014/Hannover.
• EN.Wikipedia "OAuth", DE.Wikipedia "OAuth".

• EN.Wikipedia "Return-oriented programming", DE.Wikipedia "Return Oriented Programming" ( ROP ).

• ZEIT Online "Bundesbehörden sehen Risiken beim Einsatz von Windows 8", 2013-08-29.
• EN.Wikipedia "Trusted Computing", DE.Wikipedia "Trusted Computing".
• EN.Wikipedia "Next-Generation Secure Computing Base", DE.Wikipedia "Next-Generation Secure Computing Base" ( formerly: “Palladium” ).
• EN.Wikipedia "Trusted computing base".
• EN.Wikipedia "Trustworthy computing".
• EN.Wikipedia "Trusted execution environment", DE.Wikipedia "Trusted Execution Environment" ( TEE ) for ARM, x86,...

• Compliance-Magazin.de - Governance, Risk & Compliance. Das GRC Portal.
  • Complianc-Magazin.de - Governance, Risk & Compliance. Das GRC Portal "Zentrale Aspekte des Datenschutzes" - up to 50.000 EUR or 300.000 EUR monetary fine in case of accountability.

• Saltzer and Schroeder.
  • MIT "Publications of Jerome H. Saltzer".
    • MIT, Jerome H. Saltzer and Michael D. Schroeder "The Protection of Information in Computer Systems", 1975 - “8 examples of design principles that apply particularly to protection mechanisms”:
    • University of Virginia, Department of Computer Science CS551: Security and Privacy on the Internet, Fall 2000 - Jerome H. Saltzer and Michael D. Schroeder "The Protection of Information in Computer Systems".
    • Design rules:
      1. Economy of mechanism: Keep the design as simple and small as possible.
      2. Fail-safe defaults: Base access decisions on permission rather than exclusion.
      3. Complete mediation: Every access to every object must be checked for authority.
      4. Open design: The design should not be secret.
      5. Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
      6. Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
      7. Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users.
      8. Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly-
      9. Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker. The cost of circumventing, commonly known as the “work factor,” in some cases can be easily calculated.
      10. Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.
• John Viega, Gary McGraw.
  • Book John Viega, Gary McGraw "Building Secure Software: How to Avoid Security Problems the Right Way", 2006.
  • Gary McGraw "Thirteen principles to ensure enterprise system security".
    1. Secure the weakest link.
    2. Defend in depth.
    3. Fail securely.
    4. Grant least privilege.
    5. Separate privileges.
    6. Economize mechanism.
    7. Do not share mechanisms.
    8. Be reluctant to trust.
    9. Assume your secrets are not safe.
    10. Mediate completely.
    11. Make security usable.
    12. Promote privacy.
    13. Use your resources.

• HIMA Paul Hildebrandt GmbH "Safety and Security" - Download of the free PDF document “HIMA Cyber Security Manual”.

• a+s - zeitschrift für automation und security.
• <kes> - Die Zeitschrift für Informations-Sicherheit.

• VON ZUR MÜHLEN'SCHE GmbH, BdSI (VZM) - datenschutzberater.de → Externe Datenschutzbeauftragter ( IHK ).

• StopBadware - This isn't an attack site... or is it?.
• Bynamite, Inc for Firefox 3.
  • Facebook "Bynamite, Inc" - “Find out what advertisers know about you, and change it, with Bynamite”.
  • Facebook "Bynamite, Inc", Note "bynamite is in hobby mode", 2010-12-05.
• Stop Forum Spam.
  • Stop Forum Spam - Add a Spammer.
  • Stop Forum Spam - Removal.

• “Cloud Computing” = “Auftragsdatenverarbeitung”, according to $11 of “Bundesdatenschutzgesetz” ( BDSG ).

• Anti-Scam-Forum, Germany - “TEILE KEINEM SCAMMER MIT, DASS SIE HIER GELISTET SIND. Die, die es tun erhalten sofort Verbannung” .
• Anti-Scam-Forum-NL, Germany.
• DragonLadies.org BBS - “A forum for the collection, and publication of information on female internet romance scammers from Asia”.
• Blog ScumAlert.

• eco - Verband der deutschen Internetwirtschaft e.V. "Anti-Botnet-Beratungszentrum".
• Arbeitsgruppe Identitätsschutz im Internet (a-i3).
• Bundesamt für Sicherheit in der Informationstechnik ( BSI ).
  • Bundesamt für Sicherheit in der Informationstechnik "IT-Grundschutzhandbuch" ( IT-Baseline Protection Manual ).
  • BSI für Bürger.
  • Bundesamt für Sicherheit in der Informationstechnik "Kleine- und Mittlere Unternehmen".
    • Bundesamt für Sicherheit in der Informationstechnik "CyberRisikoCheck. Wirkungsvoller Schutz für kleine und Kleinstunternehmen nach DIN SPEC 27076".
      • Beuth Verlag "DIN SPEC 27076:2023-05" - Free PDF download .
      • I was told in 2023-11 by experts: There will be “soon” ( i.e. in 2024 ) a free web-based software service for registered companies and registered consultants, which interactively asks the questions of the norm.
• computerbetrug.de und dialerschutz.de.
• Datenschutz.
  • Datenschutz.de - Virtuelles Datenschutzbüro.
  • Landesbeauftragte für den Datenschutz Baden-Württemberg.
  • Bayerische Landesbeauftragte für den Datenschutz.
  • Berliner Beauftragter für Datenschutz und Informationsfreiheit.
  • Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg.
  • Hamburgischer Beauftragten für Datenschutz und Informationsfreiheit (HmbBfDI).
  • Hessischen Datenschutzbeauftragter.
  • Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern.
  • Landesbeauftragter für den Datenschutz Niedersachsen.
    • Datenschutzbeauftragter der Landeshauptstadt Hannover.
  • Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen.
  • Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz.
  • Unabhängiges Datenschutzzentrum Saarland.
  • Sächsischen Datenschutzbeauftragter.
  • Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD).
  • Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit.
• Deutschland sicher im Netz e.V..
• FoeBuD e.V..
• GnuPT - Gnu Privacy Tools - “Ihr Portal zur Verschluesselung mit GnuPG”.
• heise.
  • heise online "Microsoft: Schreibt eure Passwörter auf".
  • heise Security - AntiVirus.
• Lower Saxony.
  • Niedersächsisches Ministerium für Inneres und Sport - Verfassungsschutz -, “Wirtschafts- und Geheimschutz / Wirtschaftschutz” → “MI-Abt-6-Wirtschaftsschutz”.
  • Niedersächsisches Ministerium für Inneres und Sport, “Themen > Innere Sicherheit > Verfassungs- & Geheimschutz > Geheim- & Wirtschaftsschutz > Wirtschaftsschutz”.
• rfc-ignorant.org - “The clearinghouse for sites who think that the rules of the internet don't apply to them”.
• SecuPedia #.
• Trojaner.Info - Die Informationsseite über Trojanische Pferde.
• trojan-horse.info - “Trojan Horses (Trojans), Viruses, Worms, Spyware, Malware – a guide for the perplexed”.
• TU-Berlin Hoax-Info Service.
• Windows Guides.
  • Free “PC Security Handbook”.
  • Free “PC Maintenance Handbook”.
• Wikipedia.
  • EN.Wikipedia "Common Criteria", DE.Wikipedia "Common Criteria for Information Technology Security Evaluation".
  • EN.Wikipedia "Cyber security standards".
  • EN.Wikipedia "Control system security".
• YouTube, GData "Abzocker sagen 'Bitten rufen Sie uns an' - Da sagen wir nicht nein" - “Microsoft Sicherheitsalarm Fehler Nummer DW 6VD36”, Telephone number “032-221-098-119” browser message .
• Zone-H - Unrestricted information.

• Avira Support Forum.
  • Avira Support Forum "How can I stop "Luke Skywalker. Scanning the registry" prevent or schedule operation ?".
• Emsi Software - e-squared Support ( read-only ) forum, Emsi Software Support forum.
• Secunia Forum.
• Stop Forum Spam - Forum.

• OpenDirectory "Top: Computers: Security".
• OpenDirectory "Top: World: Deutsch: Computer: Sicherheit".
• OpenDirectory "Top: World: Deutsch: Computer: Internet: Missbrauch".