Compass Security Blog

Offensive Defense

Year: 2015 (page 1 of 3)

Subresource Integrity HTML Attribute

Websites nowadays are mostly built with different resources from other origins. For example, many sites include scripts or stylesheets like jQuery or Bootstrap from a Content Delivery Network (CDN). This induces that the webmasters implicitly trust the linked external sources. But what if an attacker can force the user to load the content from an […]

Continue reading

Come’n’Hack Day 2015

Being a security analyst at Compass Security is an interesting thing, no doubt. Besides interesting projects, there is plenty of know-how transfer and interactions between the employees. For example, each year, all security analysts come together for an event called Come’n’Hack Day. During this year’s event, they had the pleasure to perform an attack/defense hacking contest […]

Continue reading

What is a “Fake President Fraud” and how to Protect Your Company

“Fake President Fraud” or “CEO Fraud” is a social engineering attack where an adversary tries to convince a member of the financial department of a company to send out a payment to the attacker’s bank account. The attack can be divided into three steps. Establish Contact: Typically only employees responsible for bank transfers get contacted by […]

Continue reading

DCF77 Zeitsignal Manipulation

In diesem Artikel wird aufgezeigt, wie einfach das per Funk ausgestrahlte DCF77 Zeitsignal manipuliert werden kann. DCF77 wird in vielen Bereichen eingesetzt in denen eine genaue Uhrzeit benötigt wird: Von der einfachen Armbanduhr bis zur Industrieanlage. Was ist DCF77 In Europa existiert seit 1959 der Zeit Sender DCF77. Der Sender verfügt über eine Reichweite von 2000km […]

Continue reading

Black Hat USA 2015 – part 2

For the second part of our report about Black Hat USA 2015, we decided to change topic, and switch from web application security to two hot topics nowadays: Security in Internet of Things and mobile security. We encourage you not only to read this summary but also to go online and take a closer look […]

Continue reading

Black Hat USA 2015 – part 1

Black Hat USA is the most famous IT security conference in the world that every year congregate thousands of security experts and interested to Las Vegas. For its 18th year the conference took place in the glamorous Mandalay Bay Conference Center in Las Vegas. And as every year, two security analysts of Compass Security have […]

Continue reading

Compass Security at CYBSEC15 in Yverdon-les-Bains

As in past years, Compass Security will participate in the upcoming CyberSec Conference in Yverdon-les-Bains (formerly Application Security Forum – Western Switzerland). This year, we will contribute in two events: First, Antoine Neuenschwander and Alexandre Herzog will conduct a day long training session on Tuesday, November 3rd. Participants will be able to exercise their skills […]

Continue reading

Aftermath of the Netgear Advisory Disclosure

Update – 13.10.2015: Netgear published a new firmware (version 1.1.0.32) which fixes the reported authentication bypass. My most recently appointed colleague, Daniel Haake, described in the previous blog article “Authentication Bypass in Netgear WNR1000v4 Router” how he found an authentication bypass in commonly used Netgear firmwares. Due to the rediscovery of the issue and its […]

Continue reading

Authentication Bypass in Netgear WNR1000v4 Router

Three months ago I tested the web interface of the Netgear WNR1000v4 router for some typical vulnerabilities. When playing around with the application by forcefully calling different URLs in contexts it was not meant for, I got some strange, but interesting behaviour. I accessed different URLs and then switched back to the root web directory […]

Continue reading

SAML SP Authentication Bypass Vulnerability in nevisAuth

Two months ago, we wrote about SAML Raider, a Burp extension which allows automating SAML attacks based on manipulations of the intercepted security assertion. Using this tool, we were able to identify a severe vulnerability in the service provider (SP) implementation of AdNovum‘s nevisAuth. The following conditions make exploitation possible: SAML POST-Binding is used, i.e. […]

Continue reading

Older posts