Beer-Talk #18 in Berlin: How to pwn a Global Player in two days

Thanks to greater financial and personal resources, large companies are better equipped against hacking attacks than smaller companies and startups. But is that really true? We will find out in our next Beer-Talk. Join us in February.

The Beer-Talk will consist of a 45-minute technical presentation in German, followed by discussions over a snack. Participation is free, but registration is required.



It is assumed that large companies have more money and personnel available to secure their systems, which is why global players are considered to be well-protected against hacking attacks. In many cases this might be true, but definitely not in all of them.

In this presentation we will give you an insight into the state of IT security and show that global players are just as vulnerable as startups. Using a case study, we question the equation "turnover = security". We will also present our approach in a penetration test during which we were able to take over an entire company within two days and "steal" customer and other sensitive data.



Stephan Sekula has been an IT Security Analyst with Compass Security since 2013. He plans and performs penetration tests to uncover vulnerabilities - before the "real hackers" do. He also gives lectures and conducts workshops to increase IT security awareness.

Tino Kautschke has been an IT Security Analyst with Compass Security since 2017. He is experienced in software development and reverse engineering and checks IT systems for vulnerabilities.



Monday, February 25, 2019, start at 18.00

Compass Security Deutschland GmbH, Tauentzienstraße 18, 10789 Berlin



Come by, enjoy the talk and the free snack. Please register with your first name, surname and enterprise name at

Registration deadline: Thursday, February 21, at noon




