Compass Security Blog

Offensive Defense

Pwn2Own Toronto 2023: Part 3 – Exploration

In this third part of the series, we focus on the exposed web services running on TCP ports 80 and 443.

Since a valid exploit chain must achieve code execution without prior authentication, we focus on the available functionality that can be accessed without authentication.

Continue reading

A Symmetric Cipher Ransomware … YES!

One of the rare cases where we can decrypt and recover files following-up with a ransomware attack.

Continue reading

Straightforward Mobile Forensics

We put more and more sensitive data on mobile devices. For many private conversations we use mobile applications, such as WhatsApp. This smooth access to the data and the Internet provides multiple benefits in our lives. On the other side, new attack vectors are created. Phishing messages do not need to be delivered in an […]

Continue reading

There is such thing as a free lunch

Usually you need to pay for lunches with cash or using your credit card. But in some places employees can pay for a lunch using their access badge. And this is the payment method that will be covered in this blogpost.

Continue reading

Substitutable Message Service

Have you ever said something and later regretted it? Or written an email to someone and then wished it had not happened? Or sent an SMS message but afterward desired to change its content? Well, replacing the content of previously sent SMSs is actually possible. SMS messages can be constructed in one of two modes: […]

Continue reading

How to lose money with cryptocurrencies

Cryptocurrencies are getting more and more popular nowadays. Price increases of more than fifty percent in a day, something that does not happen on other markets, is nothing uncommon in the world of virtual currencies. Bitcoin, the most popular cryptocurrency, has multiplied its value about 15 times throughout 2017, whereas other currencies, Ethereum for example, […]

Continue reading