Compass Security Blog

Offensive Defense

Category: Uncategorized (page 1 of 2)

About TLS Perfect Forward Secrecy and Session Resumption

Perfect Forward Secrecy (PFS) is a concept in Transport Layer Security (TLS) that makes sure that even if attackers manage to gain access to the private key of a certificate, they are not able to decrypt communication from the past (or communication in the future, without using active man-in-the-middle attacks). Or in other […]


Forensic Readiness

Introduction: Every year Bitkom and others publish statistics of detected attacks. These numbers are increasing (30% in 2014, 51% in 2015, 69% in 2016, each regarding the last two years). According to the annual Mandiant reports, the median time until an attack is detected is 148 days. 148 days is a long time to gain […]


Wrap-up: Hack-Lab 2017 #3

What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get together and try to hack new devices, dive into current technologies and share their skills with their fellows. Topics: The following topics, tools and technologies have been discussed during this Hack-Lab: Nessus Automation Tools Automate Everything Frida on an […]


Compass Security nominated by Prix SVC

Compass Security proudly announces its nomination for the Prix SVC (Swiss Venture Club) award 2016. Out of 180 companies, Compass Security was selected as one of the most innovative companies in the eastern region of Switzerland. Because the award ceremony is being broadcast by TVO, we had to slip into a tuxedo and play the […]


BurpSentinel on Darknet

Compass Security is developing security tools on a regular basis. I myself created a plugin/extension for the Burp intercepting proxy called BurpSentinel. It can make some tedious manual testing more automated, and helps identify security vulnerabilities in web applications like XSS weaknesses or SQL injections. Compared to fully automated scanners (like the one already integrated into Burp), it has […]


iPhone & iPad Security Course in Bern

Mobile devices are an essential part of our lives, both privately and in the corporate environment. This September, Compass Security is holding the iPhone & iPad Security course in Bern for the first time. What are the security concepts of iOS devices? How can iOS devices be integrated into the corporate environment? What are the common attacks, and how can one […]


Release of Smart Meter Security Controls Whitepaper at Hack in Paris 2014

This article was published when I just flipped through the final slides talking at “Hack in Paris” on smart meter wireless protocol issues. The combo of trainings, conference and the “nuit du hack” is held at the Disney Land Resort Paris for the 4th edition. Yes, Disney Land. When I arrived at the hotel I […]


OWASP Switzerland – SSL/TLS Talk

On this Wednesday (09.04.2014) I gave a presentation at the OWASP Switzerland chapter. Initially I chose to present an overview of SSL/TLS, which is based on our previous blog article Compass SSL/TLS recommendations. Accidentally, the timing with the OpenSSL Heartbleed bug was perfect, so the presentation was updated in time with several slides about this current vulnerability. […]


Compass Security opens an office in Berlin

Compass Security AG is taking its next growth steps at the European level. Under the company name Compass Security Deutschland GmbH, the team around Marco Di Filippo (previously Regional Director Germany) started work in Berlin on 1 January 2013. The high demand from Germany prompted Compass Security AG, with regard to its activities as well as […]


Digicomp Hacking Day 2012

On 14 June 2012, Hacking Day 2012 took place at Digicomp in Zurich. With an interesting programme of talks, anyone interested in IT security could learn about current cyber threats. Thomas Dübendorfer (Google) gave the keynote, and afterwards the event continued in triple tracks. In the morning I taught one hour of OWASP TOP 10 theory […]

