Introduction to Windows Exploits
As part of the Compass research week, I dived into Windows exploit development. Conclusion is, that the basic exploiting principles from unix also apply on Windows. The biggest difference is the...
View ArticleLync – Missing Security Features
Microsoft has published a list of key security features [1] and also their security framework [2] for the Lync Server 2013. Those documents show how deeply MS integrated their SDL in the Lync products....
View ArticleAPT Detection Engine based on Splunk
Compass Security is working on an APT Detection Engine based on Splunk within the Hacking-Lab environment. Hacking-Lab is a remote training lab for cyber specialists, used by more then 22’000 users...
View ArticleClik here to view.
Presentation at BSidesVienna
On the last Saturday the 22nd of November, I attended BSidesVienna 2014 to deliver a talk about BurpSentinel. This tool is a Burp Suite extension giving better control over semi-automated requests sent...
View ArticleClik here to view.
XSLT Security and Server Side Request Forgery
Nowadays, a growing list of XSLT processors exist with the purpose of transforming XML documents to other formats such as PDF, HTML or SVG. To this end such processors typically offer a powerful set of...
View ArticlePresentation about Windows Phone 8.1
Earlier this month, my colleague Cyrill Bannwart and I held two Compass Security Beer Talk presentations in Bern and Jona about Windows Phone 8.1 security. The slides are now online and cover: Our...
View ArticleNetzwerktraffic und APT Analyse
Compass Security wird vermehrt von Kunden bzgl. Verdacht auf Advanced Persistent Threat (APT) kontaktiert. Unter die Bezeichnung “APT” fallen komplexe, zielgerichtete und äusserst effektive Angriffe...
View ArticleHacklab Q2 – NoSQL mischief
At our reoccurring Hacklab days, we at Compass get the chance to hack some stuff of our own choice together for a day. For example playing with GSM in an attempt to send fake SMS or eavesdrop on voice...
View ArticleClik here to view.
IP-Box – Why a 4 digit passcode is still a bad idea
Up to the iPhone 4, 4 digit passcodes could be brute-forced within a short amount of time – maximum 30 minutes, depending on the passcode. With the iPhone 4s, the Boot ROM vulnerability required to...
View ArticleClik here to view.
Aftermath of the Netgear Advisory Disclosure
Update – 13.10.2015: Netgear published a new firmware (version 1.1.0.32) which fixes the reported authentication bypass. My most recently appointed colleague, Daniel Haake, described in the previous...
View ArticlePresentation on SAML 2.0 Security Research
Compass Security invested quite some time last year in researching the security of single sign-on (SSO) implementations. Often SAML (Security Assertion Markup Language) is used to implement a...
View ArticleWindows Phone – Security State of the Art?
Compass Security recently presented its Windows Phone and Windows 10 Mobile research at the April 2016 Security Interest Group Switzerland (SIGS) event in Zurich. The short presentation highlights the...
View ArticleClik here to view.
Making of Compass bIOTech v1.0
The “Internet of Things” (IoT) grows quickly. More and more devices are connected to the Internet to automate tasks and simply life. Fridges automatically order milk, cars are taught to self-drive via...
View ArticleClik here to view.
SAMLRequest Support for SAML Raider
About a year ago, the Burp extension SAML Raider [0] was released as a result of a bachelor thesis [1] in collaboration with Compass Security. This Burp extension automates most of the steps, which are...
View ArticleClik here to view.
Wrap-up: Hack-Lab 2017#1
What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills...
View ArticleClik here to view.
Wrap-up: Hack-Lab 2017#2
What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills...
View ArticleClik here to view.
SharePoint: How to collaborate with external parties?
Opening up an internal SharePoint farm to the Internet in order to share resources with external parties might seem a good idea, because it helps avoiding expensive infrastructure changes. However, in...
View ArticleClik here to view.
SharePoint: Collaboration vs. XSS
SharePoint is a very popular browser-based collaboration and content management platform. Due to its high complexity, proprietary technology and confusing terminology it is often perceived as a...
View ArticleClik here to view.
IoT WiFi Module – Dump the Data
The ESP8266 WiFi module from ESPRESSIF is a commonly used, low cost (less than 2 US$) WiFi module that exists in different PCB layouts. Often used for IoT projects and easily programmable using the...
View ArticleClik here to view.
JWT Burp Extension
JSON Web Token, or more commonly known as JWT, is an open standard [1] that defines a compact and self-contained structure for securely transmitting information between multiple parties. The contained...
View Article
