Studies

Compass Security supervises students writing a scientific paper on an aspect of IT security as part of their bachelor or master’s degree. We help students to link theory with practice, either on a subject of their own choosing or one of the current questions facing the security industry.

Papers written in cooperation with Compass Security:

ThemaVerfasserJahr
Emil on SteroidsSven Defatsch, Patrick Steinhäusl2018
Hacking-Lab 2.0Janick Engeler, Yanick Gubler2018
RFID WebauthentifizierungAndreas Eder, Pascal Kistler2017
Man-in-the-Browser DetectionMatthias Gabriel, Philip Schmid2017
Malware HuntingOliver Nietlispach, Roman Ehrbar2017
Fish Tank Suite - Proxy Redirection with Fake C&CSilvan Adrian, Fabian Binna2016
Forensic Triage KitMathias Vetsch, Luca Tännler2016
SAML2 Burp PluginRoland Bischofberger, Emanuel Duss2015
XSLT Processing Security and Server Request ForgeriesRoland Bischofberger, Emanuel Duss2014
Forensik virtueller MaschineChristian Wagner2014
Crypto-based security mechanisms in Windows and .NETAlexandre Herzog2013
Smart Energy SecurityCyrill Brunschwiler2013
Sicherheitskonzept für Webservices der Berner FachhochschuleSimon Gerber2012
NFC-SnifferFabian Vogt2012
Web Applikation Security am Beispiel eines Know-How Management SystemFelix Preussner2009

Compass Security Blog

Privilege escalation in Windows Domains (2/3)

This second article about privilege escalation in Windows domains describes how to propagate by aiming for passwords that are lying around. mehr

Privilege escalation in Windows Domains (1/3)

This first article of our series about privilege escalation in Windows domains demonstrates how to get a foothold by relaying credentials from users. mehr

ZUM BLOG

CALENDAR

Securing Industrial IoT

On August 29, 2019, experts from research and practice will meet in Bremen to discuss how industry companies and CIP operators can actively protect... Read more

Cyber Risks – from abstract risk to everyday reality

The Europa Institut at the University of Zurich (EIZ) is one of the leading centres of expertise for European Law and is an important provider of... Read more

Swiss Treasury Summit 2019

Das Schweizer Jahrestreffen der Treasurer - am 11. September 2019 an der HSLU in Rotkreuz. Read more

ALL DATES

NEWS

Vulnerability in "The Scheduler" Plugin for Jira

Thierry Viaccoz has identified an XML External Entity (XXE) vulnerability in "The Scheduler" plugin for Jira. Read more

Vulnerability in the Email+ iOS Application from MobileIron

Sylvain Heiniger has identified a "Cleartext Storage of Sensitive Information" vulnerability in the MobileIron application Email+. Read more

Vulnerabilities in Universal Automation Center (UAC)

Michael Fisler and Felix Aeppli have identified vulnerabilities in the Universal Automation Center (UAC). Read more

ARCHIVES