SharePoint is a very popular browser-based collaboration and content management platform. Due to its high complexity, proprietary technology and confusing terminology it is often perceived as a black-box that IT and security professionals do not feel very comfortable with. These days, web security topics are well understood by many security professionals, penetration testers and vendors. But what […]
Opening up an internal SharePoint farm to the Internet in order to share resources with external parties might seem a good idea, because it helps avoiding expensive infrastructure changes. However, in terms of security, this is not recommended because it does not sufficiently protect internal resources from external threats. The protection of internal resources hinges […]
What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills with their fellows. This also includes the improvement of internal tools, the research of newly identified publicly known attacks, and security analysis of hardware […]
Introduction It can be very tricky to analyze the relevant service account and its file system permissions in order to evaluate if a compromised ASP.NET application can access sensitive resources (file system / network / processes) on the web server. Especially from IIS 6 to IIS 7.5 there is quite a big change in how […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation Define […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation The last […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation Another pitfall […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation In this […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation In this […]
JBoss is a popular open-source Java application server which underwent a major rewrite of its code-base for its latest version 7.x. Of this new branch, only version 7.1.0.Final, released a week ago, is certified for the Java EE 6 Full Profile. As part of the code rewrite, the configuration settings also got a global overhaul. […]
© 2023 Compass Security Blog