

As a director and consultant at Vantage Point Security, Bernhard helps multinational corporations and government organizations protect themselves from current threats. He has found and published vulnerabilities in commercial software such as MS Internet Explorer and SQL Server, open source software, web applications and mobile operating systems, and has written award-winning papers on topics ranging from DNS to smartphone security.

Work experience

Talks and publications

Diploma thesis: „Fas est ab hoste doceri / Buffer Overflow Exploits“, University of Applied Sciences of St. Poelten, 2004

Security advisories:

  • „Macromedia Flash Player ActionDefineFunction Memory Corruption Vulnerability“ (CVE-2005-3591)
  • „Opera Browser CSS Attribute Integer Wrap / Buffer Overflow“ (CVE-2006-1834)
  • „Perdition IMAP Proxy Format String Vulnerability“ (CVE-2007-5740)
  • „Microsoft SQL Server sp_replwritetovarbin Remote Memory Corruption Vulnerability“ (CVE-2008-5416)

Talks and workshops (examples):

  • “Penetration Testing in the Wild” – Technical University of Vienna, February 2006
  • “Finding hidden Security Vulnerabilities in Web Applications”, TRUST2008, March 2008
  • "Reverse Engineering with IDA Pro" – May 2006
  • “Why software always breaks: From phone lines to CPU threads”, IT SecX 2008, St. Poelten, October 2008
  • "Web application firewalls - an attacker's perspective" - OWASP Singapore 2013
  • "Hacking Multifunction Printers" - GovWare, Singapore, 2013

Papers (examples):

  • “In-process SSL packet injection”, released to Full Disclosure / Bugtraq, July 2008
  • Whitepaper: „Improved DNS spoofing using node redelegation”, released to Full Disclosure / Bugtraq, July 2008
  • Whitepaper: „From 0 to 0day on Symbian”, released to Full Disclosure / Bugtraq Mailing Lists, July 2009, won the Pwnie Award in the category “Most Innovative Research” at Blackhat Las Vegas 2009


CISSP #412290



Code security review
Penetration Testing
Vulnerability Assessment