The idea Some time ago I read a tweet about hunting so-called “sticky-keys backdoors”, referencing a presentation at DEFCON 24, https://www.youtube.com/watch?v=EAYtRQKfna0 In addition to the presentation, the team released a tool called “Sticky Keys Slayer” that is publicly available on GitHub, https://github.com/linuz/Sticky-Keys-Slayer/ The sticky-keys backdoor is using a simple trick. On a Windows system, it is possible […]
Cryptocurrencies are getting more and more popular nowadays. Price increases of more than fifty percent in a day, something that does not happen on other markets, is nothing uncommon in the world of virtual currencies. Bitcoin, the most popular cryptocurrency, has multiplied its value about 15 times throughout 2017, whereas other currencies, Ethereum for example, […]
The BlackAlps 2017 security conference took place this week in Yverdon-les-Bains: https://www.blackalps.ch. A small delegation of Compass Security was here to present a web application security workshop and also take part in the Y-NOT-CTF. You’ll find below a write-up of the challenges we were able to solve. Fun : Beautiful Alps This was probably the […]
Recently our analysts have been spending increasing amounts of time on IoT security. More specifically looking at the Tensilica Xtensa microcontroller architecture, and even more specifically at the Mongoose OS embedded operating system. With some public (CVE-2017-7185), and some not yet disclosed advisories (watch this space for Dobin Rutishauser’s work), we are happy to announce that […]
This year three Compass analysts, Stephan Sekula, Dobin Rutishauser, and Philipp Promeuschel, attended the BlackHat and DefCon
What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills with their fellows. Topics The following topic, related tools and technology has been discussed during this Hack-Lab: Mobile Application Training focused on iOS and […]
What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills with their fellow analysts. Topics The following topics, tools, and technology has been discussed during this Hack-Lab: Cold Boot Attacks, Fake Mails, Tool Development, […]
Did Roger Federer call us for some IT-security advice or did Nicolas Heiniger and I find a new way to spoof a caller id? The Human Factor is, and remains, the biggest and most relevant threat to the security of every company. The latest statistics state that “only about 3% of the malware they run […]
Perfect Forward Secrecy (PFS) is a concept in Transport Layer Security (TLS) that makes sure that even if attackers manage to gain access to the private key of a certificate, they are not able to decrypt communication from the past (or communication in the future, without using active man in the middle attacks). Or in other […]
Introduction Every year Bitkom and others publish the statistics of detected attacks. These numbers are increasing (30% in 2014, 51% in 2015, 69% in 2016 each regarding the last two years). According to annual Mandiant reports, the duration until an attack is detected is 148 days in median. 148 days is a long time to gain […]
© 2025 Compass Security Blog