When you add a new computer, it must first join the domain. If you use its future main user to do it, they’ll become the owner and be able to hijack the computer to become a local administrator in four easy steps.
When you add a new computer, it must first join the domain. If you use its future main user to do it, they’ll become the owner and be able to hijack the computer to become a local administrator in four easy steps.
Ransomware focuses on encrypting data on a filesystem-level, either locally on infected client systems or remotely on accessible file servers. However, what if ransomware would start encrypting data on an application-level too?
Usually you need to pay for lunches with cash or using your credit card. But in some places employees can pay for a lunch using their access badge. And this is the payment method that will be covered in this blogpost.
Black box analysis of a not so smart card in ID-1 form factor that is in use for the billing of washing machines and tumble driers.
In this post, we are going to take a closer look at the enOcean technology, how security is implemented, and if the security measures and options available are sufficient.
Present State of Affairs We have been teaching forensics and network incident analysis for quite a while. We have investigated into a reputable number of cases and we are not the only doing so. Hence, one would expect a certain degree of automation in analysis. However, the high frequency of software release cycles somehow leads […]
Contents Introduction Attack Overview Step-by-Step Detection Email Clients Administration Tools Exchange Compliance Features MAPI Editor Eradication Microsoft Security Response Center Swiss Cyber Storm 2018 Conclusion References Introduction In recent investigations, Compass recognized a raise in popularity for attackers to compromise Microsoft Exchange credentials. As one of the first steps after having obtained the credentials (most […]
The idea Some time ago I read a tweet about hunting so-called “sticky-keys backdoors”, referencing a presentation at DEFCON 24, https://www.youtube.com/watch?v=EAYtRQKfna0 In addition to the presentation, the team released a tool called “Sticky Keys Slayer” that is publicly available on GitHub, https://github.com/linuz/Sticky-Keys-Slayer/ The sticky-keys backdoor is using a simple trick. On a Windows system, it is possible […]
Cryptocurrencies are getting more and more popular nowadays. Price increases of more than fifty percent in a day, something that does not happen on other markets, is nothing uncommon in the world of virtual currencies. Bitcoin, the most popular cryptocurrency, has multiplied its value about 15 times throughout 2017, whereas other currencies, Ethereum for example, […]
Recently our analysts have been spending increasing amounts of time on IoT security. More specifically looking at the Tensilica Xtensa microcontroller architecture, and even more specifically at the Mongoose OS embedded operating system. With some public (CVE-2017-7185), and some not yet disclosed advisories (watch this space for Dobin Rutishauser’s work), we are happy to announce that […]
© 2022 Compass Security Blog