Compass Security Blog

Offensive Defense

Month: November 2012

ASFWS – OPA

Slides available on http://asfws12.files.wordpress.com/2012/11/appsec2012_opa.pdf Alok Menghragani already presented the initial keynote of the conference. This time, he presented us a personal project, not linked in any ways to his current employer. Started in 2008, OPA is an open-source framework designed for being used by companies. Instead of having to learn different technologies for different platforms, […]

Continue reading

ASFWS – Mimikatz

Slides available on http://asfws12.files.wordpress.com/2012/11/mimikatzasfws.pdf Benjamin Delpy, aka GentilKiwi, presented us the sekurLSA and crypto part of his trendy and increasingly famous tool called Mimikatz. If you haven’t heard of it yet, I’m convinced that once you read this article and the slides, you’ll certainly want to try out this great tool immediately on a Windows […]

Continue reading

ASFWS – Obfuscator, ou comment durcir un code source ou un binaire contre le reverse-engineering

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-pascal_junod-jean_roland_schuler-obfuscator.pdf Both presenters, Pascal Junod and Jean-Roland Schuler work for the HES-SO – the University of Applied Science Western Switzerland. This talk is the follow-up of last year’s presentation, including the improvements done since. While Pascal Junod, from the HES-SO HEIVd (Yverdon-les-Bains) focused on obfuscating binaries based on their source code, Jean-Roland […]

Continue reading

ASFWS – Keynote 1 – Gestion opérationnelle de la sécurité logicielle sur la plateforme Facebook

Slides available on http://asfws12.files.wordpress.com/2012/11/appsec2012_keynote.pdf Alok Menghragani graduated in Lausanne with a Master at the EPFL before joining Facebook in 2008, which was back then still a young startup with “only” 100 millions users. He gave us an interesting insight in how Facebook manages over 10 millions of lines of code while keeping “move fast and […]

Continue reading

Day 1 of ASFWS – Introduction

Wednesday 7th of November started early for me as I had to take the train at 6am in Zürich to be in time in Yverdon-les-Bains for the beginning of Application Security Forum – Western Switzerland 2012. This annual security conference, regrouping all actors of the French part of Switzerland during 2 days, invited me to […]

Continue reading

Blackhat USA 2012

Black Hat USA in Las Vegas is one of the biggest IT security conferences in the world. Every year, thousands of security-interested people attend the conference that is held in the infamous Caesars Palace, the heart of Las Vegas. And as every year, two security analysts of Compass have participated the conference to learn about […]

Continue reading

Jailbreak detection – curse or blessing?

“Jailbreak Detection” is a set of checks, mostly performed by Mobile Device Management solutions like MobileIron / Good Technologies or other third party Apps to determine if a device is jailbroken or not. It checks if all security controls of Apple’s iOS are still in place and if we can / should / want “trust” […]

Continue reading

Windows Phone 8 – An iPhone Alternative for Business?

During our most recent HackLab Day – a quarterly event where Compass analysts research new security topics or solutions – I have investigated Microsoft’s next version of its mobile operating system “Windows Phone 8” (WP8). This update to the previously released Windows Phone 7 version integrates a complete new Kernel (shared with Windows 8 ) […]

Continue reading