Compass Security Blog

Offensive Defense

Page 2 of 2

No Passwords More Problems

Passwordless products promise greater security and convenience by allowing users to log in to Windows systems with only their smartphone. But what is going on behind the scenes and how could a domain’s security stance be worsened by such a solution? In this post I will explain how these products are implemented and detail the vulnerabilities and weaknesses discovered in three tested products.

Continue reading

SharePoint: Collaboration vs. XSS

SharePoint is a very popular browser-based collaboration and content management platform. Due to its high complexity, proprietary technology and confusing terminology it is often perceived as a black-box that IT and security professionals do not feel very comfortable with. These days, web security topics are well understood by many security professionals, penetration testers and vendors. But what […]

Continue reading

SharePoint: How to collaborate with external parties?

Opening up an internal SharePoint farm to the Internet in order to share resources with external parties might seem a good idea, because it helps avoiding expensive infrastructure changes. However, in terms of security, this is not recommended because it does not sufficiently protect internal resources from external threats. The protection of internal resources hinges […]

Continue reading

Wrap-up: Hack-Lab 2017#1

What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills with their fellows. This also includes the improvement of internal tools, the research of newly identified publicly known attacks, and security analysis of hardware […]

Continue reading

Black Hat USA 2013

Black Hat USA is the most famous conference for IT security professionals and hackers around the globe. The highly skilled speakers provide insights into their ongoing research and release their brand new tools. Of course, the spectacular location at Caesars Palace in Las Vegas contributes to the popularity of this conference as well. This year’s […]

Continue reading

Blackhat USA 2012

Black Hat USA in Las Vegas is one of the biggest IT security conferences in the world. Every year, thousands of security-interested people attend the conference that is held in the infamous Caesars Palace, the heart of Las Vegas. And as every year, two security analysts of Compass have participated the conference to learn about […]

Continue reading

Samba Exploit Development Presentation

As penetration testers, our main goal is to identify as many vulnerabilities as possible. This allows our customers to more objectifly assess their security level and to shut as many doors as possible which an intruder could use to break in. This process needs to be based in respect of cost-benefit, depending on risk probabily […]

Continue reading

Research über die Netkit-Telnetd Schwachstelle

Als ich nach den üblichen Weihnachtsfesten auf Twitter die neusten Sicherheitsmeldungen überflog, bin ich auf einen interessanten Blog Eintrag gestossen: A Textbook Buffer Overflow: A Look at the FreeBSD telnetd Code. Der Author beschreibt eine Buffer Overflow Lücke im Netkit Telnet Daemon, der im FreeBSD Betriebssystem verwendet wird. Die Schwachstelle wurde Zwei Tage vorher, am 23.12.2011 veröffentlicht. […]

Continue reading

Newer posts »