Compass Security Blog

Offensive Defense

Docker Forensics

November 8, 2021 / / 0 Comments

Sometimes one goes deep down the rabbit hole, only to notice later that what we were looking for is just under one’s nose.

This is the story of a digital forensic analysis on a Linux system running docker containers. Our customer was informed by a network provider that one of his system was actively attacking other systems on the Internet. The system responsible for the attacks was identified and shut down.

Our DFIR hotline responded to the call and we were provided with a disk image (VMDK) to perform a digital forensic analysis.

Continue reading

BFH Exploiting & Defense Course

May 9, 2017 / / 1 Comment

I am given the opportunity to teach Exploiting & Defense in the Bern University of Applied Sciences (Berner Fachhochschule) in the module Application and Software-Security.

Continue reading

Compass SSL/TLS recommendations

November 27, 2013 / / 0 Comments

Mozilla created an extensive page [7] concerning the best current choice of SSL/TLS cipher suites, primarily for web servers. Compass Security agrees broadly with the article, but recommends some additional restrictions in order to provide the most resistance against active and passive attacks versus TLS secured connections: Use 3DES cipher instead of RC4 Disable SSLv3 support […]

Continue reading

Dangerous Sudoers Entries – PART 5: Recapitulation

October 29, 2012 / / 2 Comments

The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation Define […]

Continue reading

Dangerous Sudoers Entries – PART 4: Wildcards

October 22, 2012 / / 12 Comments

The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation The last […]

Continue reading

Dangerous Sudoers Entries – PART 3: Permissions

October 15, 2012 / / 0 Comments

The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation Another pitfall […]

Continue reading

Dangerous Sudoers Entries – PART 2: Insecure Functionality

October 8, 2012 / / 5 Comments

The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation In this […]

Continue reading

Dangerous Sudoers Entries – PART 1: Command Execution

October 1, 2012 / / 0 Comments

The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation In this […]

Continue reading

© 2023 Compass Security Blog

Up ↑