Compass Security Blog

Offensive Defense

Page 2 of 23

Docker Forensics

November 8, 2021 / / 0 Comments

Sometimes one goes deep down the rabbit hole, only to notice later that what we were looking for is just under one’s nose.

This is the story of a digital forensic analysis on a Linux system running docker containers. Our customer was informed by a network provider that one of his system was actively attacking other systems on the Internet. The system responsible for the attacks was identified and shut down.

Our DFIR hotline responded to the call and we were provided with a disk image (VMDK) to perform a digital forensic analysis.

Continue reading

SAML Padding Oracle

September 30, 2021 / / 2 Comments

ArcGIS [1] is a family of software providing geographic information system services. While testing a customer’s ArcGIS architecture we came across a SAML login flow. In this blogpost we show how we found and exploited an AES-CBC padding oracle in this flow.

Continue reading

Ionic Identity Vault Biometric Authentication Bypass

September 8, 2021 / / 0 Comments

During a customer project, we could bypass the biometric authentication mechanism of Ionic Identity Vault on Android, because the Android KeyStore entry does not require any authentication. This post shows how this was done and how it can be exploited.

Continue reading

NTLM Relay over DCOM

Relaying NTLM authentication over RPC again…

August 9, 2021 / / 2 Comments

A little bit over a year ago, I wrote an article on this blog about CVE-2020-1113 and how it enabled to execute code on a remote machine through relaying NTLM authentication over RPC triggering a scheduled task on the remote system. History repeats itself and a vulnerability of the same category has been fixed by Microsoft in June this year.

Continue reading

Security Best Practices for On-Premise Environments

June 2, 2021 / / 4 Comments

Due to recent developments we figured it would be great to contribute a cheat sheet and create security best-practices on how to tie down a Microsoft on-prem environment. Our work mostly relies on MS recommendations. However, we put some effort to really condense it to the essence. We hope to see this applied everywhere and thus open-sourced everything in our GitHub repository.

Continue reading

Printer Tricks Episode II – Attack of the Clones

May 11, 2021 / / 2 Comments

We show how to decrypt passwords from the configuration backup of a Xerox WorkCentre and how, during the reverse engineering, a command injection vulnerability was discovered (CVE-2021-27508).

Continue reading

Straightforward Mobile Forensics

April 20, 2021 / / 0 Comments

We put more and more sensitive data on mobile devices. For many private conversations we use mobile applications, such as WhatsApp. This smooth access to the data and the Internet provides multiple benefits in our lives. On the other side, new attack vectors are created. Phishing messages do not need to be delivered in an […]

Continue reading

SAML Raider Release 1.4.0

March 23, 2021 / / 0 Comments

SAML Raider 1.4.0 is out which contains several new features like UI changes, new text editor, raw mode, XSW match/replace, parameter name definition and attack templates for XXE and XSLT attacks.

Continue reading

The Good Old DNS Rebinding

February 23, 2021 / / 1 Comment

A post on how to trick browsers to work as a gateway to internal web servers and IoT devices, the concepts behind and how to easily exploit DNS rebinding using the Singularity of Origin framework.

Continue reading

.CH Zone Lookup Tool

January 7, 2021 / / 0 Comments

Fighting cybercrime is one of the reason Switch announced to publish the .ch zone. Switzerland has a law on Open-Government-Data-Strategy that follows the open-by-default strategy The .ch zone file contains all registered .ch domain names that have a NS record that points to the nameserver that gives authoritative answers for that domain name. Compass Security is offering […]

Continue reading

« Older posts Newer posts »

Categories

© 2022 Compass Security Blog

Up ↑