Compass Security Blog

Offensive Defense

No need to break in, use the backdoor

The idea Some time ago I read a tweet about hunting so-called “sticky-keys backdoors”, referencing a presentation at DEFCON 24, https://www.youtube.com/watch?v=EAYtRQKfna0 In addition to the presentation, the team released a tool called “Sticky Keys Slayer” that is publicly available on GitHub, https://github.com/linuz/Sticky-Keys-Slayer/ The sticky-keys backdoor is using a simple trick. On a Windows system, it is possible […]

Continue reading

Simulated Industrial Espionage with the Pwnie Express Device

The Pwnie Express is a device that is designed for remote security testing of corporate and federal facilities and can be used as an “All-In-One” hacking drop box, aiding the pentesters at Compass Security, to conduct “real world” industrial espionage simulations. http://pwnieexpress.com/ The typical penetration testing scenario is: 1) A Compass analyst manages to “social-engineer” […]

Continue reading