Beer-Talk #18 in Berlin: How to pwn a Global Player in two days

Thanks to greater financial and personnel resources, large companies are better equipped against hacking attacks than smaller companies and startups. But is that really true? We will find out in our next Beer-Talk. Join us in February.

The Beer-Talk will consist of a 45-minute technical presentation in German followed by discussions over a snack. Participation is free, but registration is required.



It is assumed that large companies have more money and personnel available to secure their systems, which is why global players are considered to be well-protected against hacking attacks. In many cases this might be true, but definitely not in all of them.

In this presentation we will give you an insight into the state of IT security and show that global players are just as vulnerable as startups. Using a case study, we question the equation "turnover = security". Further, we will present our approach in a penetration test, during which we were able to take over an entire company within two days and were able to "steal" customer and other sensitive data. 



Stephan Sekula has been an IT Security Analyst with Compass Security since 2013. He plans and performs penetration tests to uncover vulnerabilities before the "real hackers" do. He also gives lectures and conducts workshops to increase IT security awareness.

Tino Kautschke has been an IT Security Analyst with Compass Security since 2017. He is experienced in software development and reverse engineering and checks IT systems for vulnerabilities.



Monday, February 25, 2019, start at 18.00

Compass Security Deutschland GmbH, Tauentzienstraße 18, 10789 Berlin



Come by, enjoy the talk and the free snack. Please register with your first name, surname and enterprise name at

Registration deadline: Thursday, February 21, at noon





Vulnerability in "The Scheduler" Plugin for Jira

Thierry Viaccoz has identified an XML External Entity (XXE) vulnerability in "The Scheduler" plugin for Jira. Read more

Vulnerability in the Email+ iOS Application from MobileIron

Sylvain Heiniger has identified a "Cleartext Storage of Sensitive Information" vulnerability in the MobileIron application Email+. Read more

Vulnerabilities in Universal Automation Center (UAC)

Michael Fisler and Felix Aeppli have identified vulnerabilities in the Universal Automation Center (UAC). Read more


Compass Security Blog

Privilege escalation in Windows Domains (2/3)

This second article about privilege escalation in Windows domains describes how to propagate by aiming for passwords that are lying around. Read more

Privilege escalation in Windows Domains (1/3)

This first article of our series about privilege escalation in Windows domains demonstrates how to get a foothold by relaying credentials from users. Read more