Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.



Compass Security Blog

Hidden Inbox Rules in Microsoft Exchange

Contents Introduction Attack Overview Step-by-Step Detection Email Clients Administration Tools Exchange Compliance Features MAPI Editor Eradication Microsoft Security Response Center Swiss Cyber... mehr

Area41 2018 Wrap Up

Introduction Last Friday and Saturday (15./16. June 2018), the 6th edition of the security conference Area41 (formerly Hashdays, organized by DEFCON Switzerland... mehr



Beer-Talk #17 in Bern: Lazy ways to own networks

Not every attack technique has to be fancy. Often simple methods are successful too. We will show you some of them at our next Beer-Talk in Bern, on... Read more

Internet Security Days 2018

Am 20./21. September 2018 geht es mal wieder hoch hinauf. Im Phantasialand Brühl (bei Köln) findet die 8. Auflage der Internet Security Days (ISD)... Read more

Industrial Cyber Security Days 2018

IT-Security in industriellen Anlagen – sicher in die Zukunft starten! Read more



Vulnerability in VMware AirWatch iOS Applications

Stephan Sekula has identified a vulnerability in the VMware AirWatch iOS applications Read more

Cross-Site Scripting Vulnerability in IBM Notes Traveler

Stephan Sekula has identified a reflected cross-site scripting vulnerability in IBM Notes Traveler. Read more

Vulnerability in Monstra CMS

Fabio Poloni has identified a Path Traversal vulnerability in the Monstra content management system. Read more