Compass Security Blog

Offensive Defense

Author: Emanuel Duss

Area41 2018 Wrap Up

Introduction Last Friday and Saturday (15./16. June 2018), the 6th edition of the security conference Area41 (formerly Hashdays, https://area41.io/) organized by DEFCON Switzerland (https://www.defcon-switzerland.org/, https://twitter.com/defconCH) took place in Zürich. Every Compass security analyst can attend two conferences every year supported by Compass. So most of the analysts decided to go to the Area41 this year […]

Continue reading

Insomni’hack 2018 Wrap-Up

As every year, some Compass Security Analysts travelled to Geneva and attended the Insomni’hack conference and it’s enjoyable CTF.

Continue reading

Insomni’hack 2018 – guessflag

For this task, we had SSH access to the server guess.insomni.hack and the task was to read the flag in the /home/flag directory. We were able to get the flag without even solving the challenge 🙂

Continue reading

SAMLRequest Support for SAML Raider

About a year ago, the Burp extension SAML Raider [0] was released as a result of a bachelor thesis [1] in collaboration with Compass Security. This Burp extension automates most of the steps, which are necessary to test a SAML single sign-on process and perform according attacks. With SAML Raider, an authentication bypass vulnerability in a Service […]

Continue reading