Compass Security Blog

Offensive Defense

A Symmetric Cipher Ransomware … YES!

One of the rare cases where we can decrypt and recover files following-up with a ransomware attack.

Continue reading

SAML Padding Oracle

ArcGIS [1] is a family of software providing geographic information system services. While testing a customer’s ArcGIS architecture we came across a SAML login flow. In this blogpost we show how we found and exploited an AES-CBC padding oracle in this flow.

Continue reading