Compass Security Blog

Offensive Defense

Month: December 2015

Subresource Integrity HTML Attribute

Websites nowadays are mostly built with different resources from other origins. For example, many sites include scripts or stylesheets like jQuery or Bootstrap from a Content Delivery Network (CDN). This induces that the webmasters implicitly trust the linked external sources. But what if an attacker can force the user to load the content from an […]

Continue reading

Come’n’Hack Day 2015

Being a security analyst at Compass Security is an interesting thing, no doubt. Besides interesting projects, there is plenty of know-how transfer and interactions between the employees. For example, each year, all security analysts come together for an event called Come’n’Hack Day. During this year’s event, they had the pleasure to perform an attack/defense hacking contest […]

Continue reading

What is a “Fake President Fraud” and how to Protect Your Company

“Fake President Fraud” or “CEO Fraud” is a social engineering attack where an adversary tries to convince a member of the financial department of a company to send out a payment to the attacker’s bank account. The attack can be divided into three steps. Establish Contact: Typically only employees responsible for bank transfers get contacted by […]

Continue reading