Swiss Cyber Storm 2019

The IT Security Conference on 15 October 2019 will run under the motto "Embracing the Hackers". Compass Security matches with this motto and is present in Bern once again.

Swiss Cyber Storm (SCS) welcomes the development

  • that the regulators are working for more openness in the development process,
  • that red teams are being formed and
  • that Swiss companies are thinking about launching buq bounty programs.


So SCS dedicates the next conference to the motto "Embracing the Hackers". The speakers have immerse oneself in the systems during their reserch and have dug for fundamental bugs. They are now presenting their findings at SCS 2019.

On the event website you can find out which tech tracks, management tracks and academy talks are already fixed:


Cyrill Brunschwiler, Patrick Vananti and Daniel Schenker welcome you at our booth and will be happy to discuss the latest procedures with you:

Read Teaming

In addition to classic penttesting, we apply more comprehensive attack tactics in red teaming. As with real attacks, technical, physical, organizational and human components are targeted to improve your detection rate and train your crisis organization. Our experts will show you the benefits of Red Teaming and advise you on the planning and implementation of Red Teaming initiatives.


Blue Teaming

Cyber insurances are in the process of being reviewed by many companies. Having damage coverage is one thing, having a powerful force at hand is another. We will show you how we support our customers around the clock in emergencies, limit the expansion of losses and clarify cases.


Red Team vs. Blue Team

Do you feel like an attacker with many tricks up your sleeve? Or are you the one who detects attacks and ward them off? Red versus Blue - test yourself at our booth - offline!

In addtion, our Mini-CTF with tricky (online) challenges is waiting for you. Let us surprise you!


Mobile Security Talk

The number of attacks using malicious mobile software is increasing rapidly.

  • What are the current dangers of using smartphones?
  • How can you protect yourself against these?
  • What protective measures can be taken as an developer?

Cyrill Bannwart, security analyst and CTO at Compass, has a lot to tell - listen to him and benefit of his research. His talk start at 2.45 p.m.


Redeem your Voucher

You will receive a 15 % discount if you register with our voucher code
«SCS19-COMPASS» (CHF 416.50 instead of CHF 490).


Come by and visit us at SCS 2019!


Vulnerability in Mailster

Thierry Viaccoz identified an XSS vulnerability in Mailster (email newsletter plugin for WordPress). Read more

Secure Payments on th Internet

More and more goods and services are bought and paid on the internet. Ivan Bütler summarizes security relevant information on online shopping and... Read more

Vulnerability in Froala WYSIWYG HTML Editor

Security Analyst Emanuel Duss identified a DOM XSS vulnerability in the Froala WYSIWYG HTML Editor Read more


Compass Security Blog

Yet Another Froala 0-Day XSS

Compass found a DOM-based cross-site scripting (XSS) in the Froala WYSIWYG HTML Editor. HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can... mehr

Relaying NTLM authentication over RPC

Since a few years, we - as pentesters - (and probably bad guys as well) make use of NTLM relaying a lot for privilege escalation in Windows networks. In this article, we propose adding support for... mehr