Lots of things happened since my first (and unique) blog post about ASP.NET Viewstate and its related weakness. This blog post will not yet disclose all the details or contain tools to exploit applications, but give some ideas why it’s really mandatory to both correct your web applications and install the ASP.NET patch. Back in […]
Compass Security is working on an APT Detection Engine based on Splunk within the Hacking-Lab environment. Hacking-Lab is a remote training lab for cyber specialists, used by more then 22’000 users world-wide, run by Security Competence GmbH. An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network […]
Compass Security is developing security tools on regular basis. I for myself created a plugin/extension for Burp Intercepting Proxy called BurpSentinel. It can makes some tedious manual testing more automated, and helps identifying security vulnerabilities in web applications like XSS weaknesses or SQL injections. Compared to fully automated scanners (like the one already integrated into Burp), it has […]
Black Hat USA in Las Vegas is one of the biggest IT security conferences in the world. Every year, thousands of security-interested people attend the conference that is held in the infamous Mandala Bay, in the heart of Las Vegas. And as every year, two security analysts of Compass have participated the conference to learn […]
Nachdem am 25. Mai 2014 bereits Alexandre Herzog, CTO bei Compass Security, mit dem 1337-Award durch die SGRP, einer Alumni-Organisation für MAS Information Security[1] Absolventen der Hochschule Luzern, ausgezeichnet [2] wurde, ist es erneut einem Compass Mitarbeiter gelungen, die Fachjury von seinem ausserordentlichen Wissen und Können zu überzeugen. Lukas Reschke hat im Rahmen seines Praktikums […]
Mobile Geräte sind ein wesentlicher Teil unseres Lebens, sowohl im Privaten als auch im Unternehmensumfeld. Diesen September führt Compass Security das erste Mal in Bern den iPhone & iPad Security Kurs durch. Was sind die Sicherheitskonzepte bei iOS-Geräten? Wie können iOS-Devices ins Unternehmensumfeld eingebunden werden? Welches sind die gängigen Angriffe und wie kann man sich […]
This article was published when I just flipped through the final slides talking at “Hack in Paris” on smart meter wireless protocol issues. The combo of trainings, conference and the “nuit du hack” is held at the Disney Land Resort Paris for the 4th edition. Yes, Disney Land. When I arrived at the hotel I […]
Area41 (@a41con) is a security conference held in Switzerland. Its the successor of the highly successful Hashdays. Several Compass Security Switzerland employees volunteered to help organizing this event. Some say, we completely infiltrated Area41! The compound of Komplex 457 was pretty awesome. There was enough space in the main hall for to accommodate all viewers, […]
On this Wednesday (09.04.2014) I gave a presentation at OWASP Switzerland chapter. Initially I choose to present an overview of SSL/TLS, which is based on our previous blog article Compass SSL/TLS recommandations. Accidently, the timing with the OpenSSL heartbleed bug was perfect, so the presentation was updated in time with several slides about this current vulnerability. […]
Compass crew members just got back to work from a fun weekend/night at Insomni’hack (Geneva) where hackers met [0] to solve puzzles and enjoying the hacker community. On the way back home was sufficient time to clean-up systems and to reflect on some of the challenges. There was a variety of brain teasing puzzles relating […]
© 2025 Compass Security Blog