We are at the Area 41 conference! This IT Security Conference is happening on the 15/16th of June in 2018 in Zürich. Compass Security supports this non-profit event as Platinum Sponsor. We’ll have a Compass Booth where we discuss current topics with you – and how you can join our team as ethical hacker! The […]
Perfect Forward Secrecy (PFS) is a concept in Transport Layer Security (TLS) that makes sure that even if attackers manage to gain access to the private key of a certificate, they are not able to decrypt communication from the past (or communication in the future, without using active man in the middle attacks). Or in other […]
I am given the opportunity to teach Exploiting & Defense in the Bern University of Applied Sciences (Berner Fachhochschule) in the module Application and Software-Security.
At our reoccurring Hacklab days, we at Compass get the chance to hack some stuff of our own choice together for a day. For example playing with GSM in an attempt to send fake SMS or eavesdrop on voice data, comparing Encase capabilities to Unix command line forensic tools or cloning door entry badges in […]
On the last Saturday the 22nd of November, I attended BSidesVienna 2014 to deliver a talk about BurpSentinel. This tool is a Burp Suite extension giving better control over semi-automated requests sent to a given web application page. The presentation also covered aspects on automated Cross-Site Scripting and SQL injection detection. Despite talking early in the day (10 am), […]
Compass Security is developing security tools on regular basis. I for myself created a plugin/extension for Burp Intercepting Proxy called BurpSentinel. It can makes some tedious manual testing more automated, and helps identifying security vulnerabilities in web applications like XSS weaknesses or SQL injections. Compared to fully automated scanners (like the one already integrated into Burp), it has […]
Black Hat USA in Las Vegas is one of the biggest IT security conferences in the world. Every year, thousands of security-interested people attend the conference that is held in the infamous Mandala Bay, in the heart of Las Vegas. And as every year, two security analysts of Compass have participated the conference to learn […]
Area41 (@a41con) is a security conference held in Switzerland. Its the successor of the highly successful Hashdays. Several Compass Security Switzerland employees volunteered to help organizing this event. Some say, we completely infiltrated Area41! The compound of Komplex 457 was pretty awesome. There was enough space in the main hall for to accommodate all viewers, […]
On this Wednesday (09.04.2014) I gave a presentation at OWASP Switzerland chapter. Initially I choose to present an overview of SSL/TLS, which is based on our previous blog article Compass SSL/TLS recommandations. Accidently, the timing with the OpenSSL heartbleed bug was perfect, so the presentation was updated in time with several slides about this current vulnerability. […]
Mozilla created an extensive page [7] concerning the best current choice of SSL/TLS cipher suites, primarily for web servers. Compass Security agrees broadly with the article, but recommends some additional restrictions in order to provide the most resistance against active and passive attacks versus TLS secured connections: Use 3DES cipher instead of RC4 Disable SSLv3 support […]
© 2024 Compass Security Blog