Compass Security Blog

Offensive Defense

Page 3 of 3

The Metering Infrastructure

I have provided introductions to the electrical and specifically the smart grid earlier on. Today I will briefly introduce the advanced metering infrastructure – its purpose, benefits and issues. Moreover, different approaches to metering and some ongoing security standards and specifications processes and organizations will be referenced. Purpose of Smart Meters The reason for smart […]

Continue reading

Grid, gridder, smart grid

This post will briefly introduce the major aspects and goals of smart grids. For those not familiar with electrical grids, have a look at the former post for a quick intro. This article aims to describe the challenges and requirements smart grids are dealing with. Moreover, the need for an intelligent measurement network – the […]

Continue reading

Introduction to the Electrical Grid

When it comes to industrial control systems (ICS) specifically to supervisory control and data acquisition (SCADA) then a basic unterstanding of the business is crucial. In the curse of my master thesis I am currently digging into parts of the electrical grid and try to examine the issues and security level of some specific protocols. […]

Continue reading

AntiSamy to face XSS and XXE

The community hosts a neat little project called AntiSamy[1] which lends its name from the well known MySpace worm[2] and which comes in handy when trying to mitigate Cross-site Scripting[3] attacks. Whereby XSS is sometimes hard to mitigate when business is asking for HTML formatting in user supplied inputs. At that point, AntiSamy might become […]

Continue reading

Reversing in God Mode

Fridays, I was approaching a win32 reversing challenge. So I transferred the binary into my Windows XP virtual box and fired-up OllyDbg. The goal was to bypass the username and password prompt that occurred on application startup. Hilariously, I was just providing a dummy name and password to the app…. “asdf” “asdf” as probably most […]

Continue reading

BeanShell puts Java Application Servers at Risk

Developers increasingly integrate BeanShell support into web applications to provide end users and administrators with a simple extension framework. But be warned! BeanShell support without appropriate access control will put the hosting web server at severe risk. An attacker could easily execute operating system calls and without appropriate system hardening such an attack will immediately result in full system compromise. The […]

Continue reading

Blogilo Forensics

The analysis of Social Media apps gets more and more weight as these applications gain momentum with end users. Thus, forensic analysts must not only understand how to grab files and content from a suspects computer but also from its online services (not to use the damn Cloud word). Therefore, it is crucial to understand […]

Continue reading

Newer posts »