Skip to main content

Understanding cyber space in a new way

Alpha Strike Labs is a German security research company in the field of Cyber Open Source Intelligence. Alpha Strike Labs identifies attack surfaces in cyber space using open source intelligence and global Internet scans. Excellent technology knowledge from university research combined with practical experience from a large number of consulting projects drives the continuous development of new methods that are used in projects with high added value for customers.

Founded in
private owned by founders

Alpha Strike Labs by Limes Security

To further expand its cyber security expertise, Alpha Strike Labs became part of Limes Security. Limes Security GmbH is a leading OT Security expert in the German-speaking region. Limes Security supports you in the secure operation of industrial plants and in the development of secure solutions and products. In addition, Limes Security offers training and certification in the field of OT Security and Secure Product & Software Development through the Limes Academy.


  • CVE-2022-40633, Improper Access Control in Rittal CMC III Access Systems
  • CVE-2021-32958, Authentication Bypass Using an Alternate Path or Channel in Claroty SRA
  • CVE-2019-0220 Path traversal vulnerability in Apache HTTP Server 2.4.0 to 2.4.38.
  • ICSMA-17-241-01, authorization bypass, possible exploitation of a pacemaker
  • ICSMA-17-009-01A, man-in-the-middle vulnerability, pacemaker information and monitoring system
  • CVE-2017-1272, Pacemaker device, Improper authentication
  • CVE-2017-12714, Pacemaker device, Improper restriction of power consumption
  • CVE-2017-12716, Pacemaker device, Missing encryption of sensitive data
  • CVE-2017-5149, pacemaker transmitter, Channel accessible by nonendpoint (man-in-the-middle)
  • Security Advisory 2015/12/02 (Traeger Industry Comp. GmbH), S7-Firewall / TeleRouter – XSS, insufficient encryption and authentication methods
  • CVE-2015-2177, DoS-Attack of Siemens SIMATIC S7-300 via crafted ISO-TSAP packets.
  • CVE-2014-6617, Softing FG-100 PB, Hardcoded Backdoor
  • CVE-2014-6616, Softing FG-100 PB, Cross Site Scripting


  • Epidemic? The Attack Surface of German Hospitals during the COVID-19 Pandemic
    Johannes Klick, Robert Koch, Thomas Brandstetter.
    NATO CCDCOE Annual International Conference on Cyber Conflict (CyCon), Mai 2021.
  • Towards Better Internet Citizenship: Reducing the Footprint of Internet-wide Scans by Topology Aware Prefix Selection.
    Johannes Klick, Stephan Lau, Matthias Waehlisch, and Volker Roth.
    In Proceedings of the 16th ACM SIGCOMM conference on Internet measurement conference. ACM, 2016
  • Internet-facing PLCs as a network backdoor
    Johannes Klick (CEO, Alpha Strike Labs), Stephan Lau (Alpha Strike Labs), Daniel Marzin (Alpha Strike Labs) and Volker Roth (FU Berlin). In Proceedings of 2015 IEEE Conference on Communications and Network Security (CNS), 524-532
  • Verwundbarkeit Vernetzter Industriesteuerungen – ein Lagebild.
    Jan-Ole Malchow, Johannes Klick, and Volker Roth.
    IHK Technologieforum 2014 – Sicherheit in Unternehmen, Industrie und Handelskammer Berlin Brandenburg
  • Cyberwar: Angriffsvektor Industriesteuerungen.
    Johannes Klick.
    Summer School – Krieg im 21. Jahrhundert, Akademie der Bundeswehr für Information und Kommunikation, 2014.
  • Erreichbarkeit von digitalen Steuergeräten ein Lagebild.
    Jan-Ole Malchow and Johannes Klick.
    In Sicherheit in vernetzten Systemen: 21. DFN-Workshop. Paulsen, C, 2014
  • Find Them. Bind Them – Industrial Control Systems (ICS) on the Internet.
    Johannes Klick and Daniel Marzin.
    Positiv Hack Days III – on either side OF A FENCE, Moskau, Russia, 2013.

Jobs @ Alpha Strike Labs

Backend Developer (m/w/d)






Send us your application to