Compass Security Blog

Offensive Defense

Page 4 of 5

Ein Nachmittag beim TVO

Nicht selten werden wir bei Compass von den Medien angefragt, zu dem einen oder anderen, aktuellen Sicherheitsthema Stellung zu nehmen. Meistens springen da unsere Profis, Ivan Bütler und Walter Sprenger, ein, die schon auf eine beachtliche TV-Erfahrung zurückblicken können. Die Fügung wollte es, das es nun mich traf: Der Ostschweizer Sender “TVO” lud mich als […]

Continue reading

OWASP 2012 Online Competition

Learning by Doing! We are proud to run the OWASP 2012 Online Competition with Hacking-Lab. The event is free for everyone, why not participating this educational program? The winner will get a free ticket to one large OWASP conference. The winners choice are: AppSec US AppSec EU AppSec Latin America We encourage readers of this […]

Continue reading

Exploit credentials stored in Windows Group Policy Preferences

Group Policy preferences are a new feature set available since Windows Server 2008, which shouldn’t be confused with the well known Group Policy objects (GPOs) dating back to Windows NT. The main idea behind the creation of Group Policy preferences is the ability to push so-called “unmanaged” settings. Compared to “managed” GPOs, group policy preferences can be altered by […]

Continue reading

March Hacking-Lab News 2012

What’s new with Hacking-Lab? 1) New LiveCD Please note, we have uploaded the new Hacking-Lab LiveCD v5.83 to * http://media.hacking-lab.com/largefiles/livecd/ 2) New Video Tutorial Watch this short tutorial and learn how to use multiple firefox profiles with your new LiveCD * http://media.hacking-lab.com/movies/multiple-firefox-browsers/ 3) OWASP AppSec EU OWASP rocks!!! Join the University Challenge in Athens this […]

Continue reading

Next Beer-Talk in June 7th, 2012

Hi all, Don’t miss our tech/geek research talk series; mark the next Beer-Talk that will be held next June 7th, 2012 in Jona Switzerland in your agenda. As we have multiple research topics you can choose, please mark your favorite in the survey below: Survey – http://www.csnc.ch/de/calendar/NextBeerTalk/ Did you miss the last Beer-Talk about Advanced […]

Continue reading

OWASP Apache Struts2 Security Challenge in Hacking-Lab

Hi all, As you might know, Hacking-Lab is providing free OWASP TOP 10 hands-on challenges to the OWASP community. This is an inner service of GEC (Global Education Commitee) and as part of the Academy Portal project. Vulnerabilities within used frameworks and libraries, like the Apache Struts vulnerability do not have a prominent place with […]

Continue reading

Reversing in God Mode

Fridays, I was approaching a win32 reversing challenge. So I transferred the binary into my Windows XP virtual box and fired-up OllyDbg. The goal was to bypass the username and password prompt that occurred on application startup. Hilariously, I was just providing a dummy name and password to the app…. “asdf” “asdf” as probably most […]

Continue reading

JBoss 7.1 Web Server Hardening

JBoss is a popular open-source Java application server which underwent a major rewrite of its code-base for its latest version 7.x. Of this new branch, only version 7.1.0.Final, released a week ago, is certified for the Java EE 6 Full Profile. As part of the code rewrite, the configuration settings also got a global overhaul. […]

Continue reading

Nächster Compass BeerTalk am Donnerstag 01.03.2012

Am 1. März 2012 ist es wieder so weit, wir führen den ersten BeerTalk im Jahr 2012 zum Thema Advanced Web Security durch. Das weit verbreitete Struts Framework war im letzten halben Jahr immer wieder auf Remote Code Execution verwundbar, was Angreifern erlaubte, ganze Systeme zu kompromittieren. Philipp Oesch, Leiter Software Entwicklung bei der Compass […]

Continue reading

New Security Enhancing HTTP Headers

In the past few years, several new HTTP Headers have been proposed to increase the security of web applications. This is being done by providing additional instructions and information about the served application to the browser. Those can mitigate and avert various common web attacks, even if the underlying application contains vulnerabilities, therefore adding another […]

Continue reading

« Older posts Newer posts »