Beer-Talk #19 in Berlin: Spear Phishing

When attackers take targeted action against a company, Spear Phishing is still their first choice. The name of this attack technique stems from the sport of spear fishing, where a certain victim is targeted. Thus, in Spear Phishing, e.g., a certain group of people in a company is targeted.

The Beer-Talk is divided in a technical presentation of about 75 minutes followed by discussions over a light meal. The participation is free but a registration is required.



Although this method is very common, and the number of attacks continues to increase, many companies find it difficult to protect themselves against this targeted approach. Spear Phishing is regularly and successfully used by small criminals up to globally acting hacker groups. Successful attacks against companies are in about 95% based on sSpear Phishing.

The following points will be discussed in this Beer-Talk:

  • How did some of the most successful Spear Phishing campaigns of the past look like?
  • How is data about companies collected in order to prepare for attacks?
  • How to protect yourself against Spear Phishing.
  • Which measures can be taken, in case your company fell victim to such an attack?



Ulrich Steiger has been an IT Security Analyst with Compass Security since 2017. He has several years of experience in Reverse Engineering and Fuzzing and tests IT systems for vulnerabilities.



Monday, March 27th 2019, start at 18.00

Compass Security Deutschland GmbH, Tauentzienstr. 18, 10789 Berlin



Come by, enjoy the talk and the free snack. Please register with your first name, surname, and enterprise name by sending an email to

Registration deadline: Thursday, March 24th, 2019, at noon.


Vulnerability in "The Scheduler" Plugin for Jira

Thierry Viaccoz has identified an XML External Entity (XXE) vulnerability in "The Scheduler" plugin for Jira. Read more

Vulnerability in the Email+ iOS Application from MobileIron

Sylvain Heiniger has identified a "Cleartext Storage of Sensitive Information" vulnerability in the MobileIron application Email+. Read more

Vulnerabilities in Universal Automation Center (UAC)

Michael Fisler and Felix Aeppli have identified vulnerabilities in the Universal Automation Center (UAC). Read more


Compass Security Blog

Privilege escalation in Windows Domains (2/3)

This second article about privilege escalation in Windows domains describes how to propagate by aiming for passwords that are lying around. mehr

Privilege escalation in Windows Domains (1/3)

This first article of our series about privilege escalation in Windows domains demonstrates how to get a foothold by relaying credentials from users. mehr