Slides available on http://asfws12.files.wordpress.com/2012/11/dropbox-asfws-version.pdf It was a full (or even an overfilled) room, in which several people did not find a seat, which listened to Nicolas Ruff and Florian Ledoux’s presentation. The topic is certainly appealing but the reputation of Nicolas Ruff aka newsoft (“Security researcher, hacker, blogger, serial speaker, troll herder, happy father & […]
Slides available on http://asfws12.files.wordpress.com/2012/11/yverdon-2012-secweb-analyse-tech-vs-contextuelle.pdf This talk from Matthieu Estrade (CTO of Bee Ware), entitled officially “Sécurité des application web, analyse technique versus analyse contextuelle” was in fact a kind of sales pitch for Bee Ware, a special kind of Web Application Firewall (WAF). Compass Security has an extensive knowledge about leading WAF products in the […]
Slides available on http://asfws12.files.wordpress.com/2012/11/appsec2012_opa.pdf Alok Menghragani already presented the initial keynote of the conference. This time, he presented us a personal project, not linked in any ways to his current employer. Started in 2008, OPA is an open-source framework designed for being used by companies. Instead of having to learn different technologies for different platforms, […]
Slides available on http://asfws12.files.wordpress.com/2012/11/mimikatzasfws.pdf Benjamin Delpy, aka GentilKiwi, presented us the sekurLSA and crypto part of his trendy and increasingly famous tool called Mimikatz. If you haven’t heard of it yet, I’m convinced that once you read this article and the slides, you’ll certainly want to try out this great tool immediately on a Windows […]
Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-pascal_junod-jean_roland_schuler-obfuscator.pdf Both presenters, Pascal Junod and Jean-Roland Schuler work for the HES-SO – the University of Applied Science Western Switzerland. This talk is the follow-up of last year’s presentation, including the improvements done since. While Pascal Junod, from the HES-SO HEIVd (Yverdon-les-Bains) focused on obfuscating binaries based on their source code, Jean-Roland […]
Slides available on http://asfws12.files.wordpress.com/2012/11/appsec2012_keynote.pdf Alok Menghragani graduated in Lausanne with a Master at the EPFL before joining Facebook in 2008, which was back then still a young startup with “only” 100 millions users. He gave us an interesting insight in how Facebook manages over 10 millions of lines of code while keeping “move fast and […]
Wednesday 7th of November started early for me as I had to take the train at 6am in Zürich to be in time in Yverdon-les-Bains for the beginning of Application Security Forum – Western Switzerland 2012. This annual security conference, regrouping all actors of the French part of Switzerland during 2 days, invited me to […]
Black Hat USA in Las Vegas is one of the biggest IT security conferences in the world. Every year, thousands of security-interested people attend the conference that is held in the infamous Caesars Palace, the heart of Las Vegas. And as every year, two security analysts of Compass have participated the conference to learn about […]
“Jailbreak Detection” is a set of checks, mostly performed by Mobile Device Management solutions like MobileIron / Good Technologies or other third party Apps to determine if a device is jailbroken or not. It checks if all security controls of Apple’s iOS are still in place and if we can / should / want “trust” […]
During our most recent HackLab Day – a quarterly event where Compass analysts research new security topics or solutions – I have investigated Microsoft’s next version of its mobile operating system “Windows Phone 8” (WP8). This update to the previously released Windows Phone 7 version integrates a complete new Kernel (shared with Windows 8 ) […]
© 2025 Compass Security Blog