Compass Security supervises scientific work

Compass Security volunteers as supervisor for academic work and studies relating to information security.

We support students to link theory with practice, either on a subject of their own choosing or with questions and challenges the security industry is currently facing.

Last year we accompanied two papers of students at the Hochschule für Technik Rapperswil (HSR). The students tackled tricky problems around the online platform Hacking-Lab. Hacking-Lab is used at the HSR as a training platform in the fields of information security.
 

Emil on Steroids

Authors: Sven Defatsch und Patrick Steinhäusl
Examinator: Cyrill Brunschwiler

Hacking-Lab hosts a fictitious webshop (bells shop) which is used for trainings on "Secure Web Applications". The shop has now been ported to a recent technology stack (MEAN). In addition to the classic vulnerabilities, latest issues have also been packed into application. Thus, the new shop features issues around templating, de-serialization, NoSQL, JWT or Web Sockets.

 

Hacking-Lab 2.0

Authors: Janick Engeler, Yanick Gubler
Thesis Advisor: Ivan Bütler

High scalability and worldwide usability - the implementation of these two requirements poses a number of challenges: avoiding performance bottlenecks, enabling multilingual system operation, avoiding additional effort when capturing new challenges and sample solutions, etc.

 

Congratulations both teams on their successful work!

 

The abstracts of these - and more - papers can be found here: https://www.compass-security.com/research/studien/ 

CALENDAR

Security Training: Social Engineering

In the 2-day course (in German) from June 9/10, 2020, you will get to know and understand the methods, tools and tricks of social engineering. Read more

it-sa 2020

Europas führende Fachmesse für IT-Sicherheit findet vom 06. - bis 08. Oktober 2020 im Messezentrum Nürnberg (DE) statt. Reservieren Sie bereits heute... Read more

ALL DATES

Compass Security Blog

Relaying NTLM authentication over RPC

Since a few years, we - as pentesters - (and probably bad guys as well) make use of NTLM relaying a lot for privilege escalation in Windows networks. In this article, we propose adding support for... mehr

Reversing a .NET Orcus dropper

In this blog post we will reverse engineer a sample which acts as downloader for malware (aka a “dropper”). It is not uncommon to find such a downloader during DFIR engagements so we decided to take a... mehr

ZUM BLOG