Marc Ruef
"Some of my clients are very awesome. And I like that ;)" - @mruef, 3 years ago via Twitter

In 1998 Marc Ruef started with the largest portal about information security within the German community. On this web site approx. 900 German publications are available for free download. More than 150,000 users visit the web site per month. He was also an active member of, a popular hacking group in 1990. In several freelance projects he consulted for different security companies.

At the beginning of 2000 he started as IT Security Specialist at the German company Biodata GmbH, which was announced as world leader in ISDN encryption. During the next two years he did consulting in network security and support in firewall administration. Besides co-ordinating internal workshops, he was also responsible for research and engineering of competing products. With technical papers he was meant to publish weaknesses and disadvantages of other solutions. The adventurous story within the New Economy is documented in the movie "Weltmarktführer - Die Geschichte des Tan Siekmann".

In 2002 he moved to the Swiss company Inter-Networking AG. As Security Consultant he was responsible for setting up an agile and powerful tiger team. Besides security auditing and vulnerability assessment, he began to develop a software solution (codename Dante) intended to improve and simplify security testing. At the same time he was a founding member and vice president of the Linux User Group (LUG) in Brugg.

Another two years later he took over the lead of the auditing team at scip AG in Zurich. The knowledge gathered over the past years became very important to guarantee powerful security tests of all kinds. The scope of work was extended: besides classic penetration tests, source code reviews, reverse engineering and formal analysis of firewall rule sets also became important. These approaches remain very important to fulfil the applicable regulations (e.g. FINMA, SOX and ISO). Between 2003 and 2007 he was also responsible for setting up and maintaining the public vulnerability database, in which he documented more than 2,000 security issues. Since 2009 he has published technical articles in the labs blog once a week.

Marc Ruef is one of the most read authors in German-speaking countries. Since 1997 he has published more than 380 papers of all kinds. Some of them were translated into Spanish, Russian and Japanese (Kanji). Furthermore, he participated in writing and translating (English to German) several books. In September 2002 his best-selling book "Hacking Intern" was published at Data Becker; the first issue was sold out within one year. One year later he released his German translation of the 3rd edition of the book "Network Intrusion Detection" by Stephen Northcutt and Judy Novak at MITP/Huthig Telekommunikation. In mid 2007 he published his long-awaited book "Die Kunst des Penetration Testing" (The Art of Penetration Testing), which discusses methodologies and techniques of technical testing, at C&L. The latter became something like a standard in this kind of security analysis and was already reprinted half a year after first publishing due to the enormous demand. More books, one of them about source code analysis, are planned.

In his work the development of new methodologies and solutions to realize and improve security testing is very important. Therefore, at the end of 2003 the open-source exploiting framework Attack Tool Kit, which is based on some parts of the Dante security scanner, was published. It is used to improve the efficiency and accuracy of ethical hacking with dedicated exploiting (proof of concept). Furthermore, in 2007 a methodology for the formal analysis and rating of firewall rule sets and network topologies was presented to the public. These methodologies are widely used in professional security analysis.

Since the end of 2007 he has been focusing on the Recon Framework. The goal is the development of methodologies and implementations for application fingerprinting. The httprecon project identifies web server implementations according to the HTTP headers in their responses. Very similar is the browserrecon project, which provides client-side application fingerprinting of web browsers based on their HTTP requests. Another project of this series is the telnetrecon project, which uses the telnet negotiation options to identify telnet daemons.

In February 2008 he published the Tractatus Logico-Philosophicus Instrumentum Computatorium, which provides a formalistic discussion about information technology, similar to the early work of the philosopher Ludwig Wittgenstein. Another major project, named codEX, is focusing on the analysis of source code. This will be the foundation for a new book (planned release date is 2015).

Security reviews, especially penetration tests, are very important in his work. Within a large number of projects many 0-day vulnerabilities, which had not been discovered and published yet, were found. After feedback and co-ordination with the developers of the affected products, sometimes well-known companies such as Microsoft and Sun Microsystems, a public advisory and patch could be released. This guaranteed a value for the clients within the project and for other customers of the affected product. Therefore, a much better performance and quality than with automated scanning solutions (e.g. Nessus or Qualys) is assured at any time.