Downloads

Continuing education is an important topic for Compass employees. Through self-financed studies or in cooperation with partners, we create publications and tools which you may download from this page. Are you interested in conducting a study? Get in touch with us and we will be glad to support you in the research of security problems.

Overview

The files can be downloaded as PDF.

   
2013 Mar Beer-Talk #8 - Hacking Industrial Control Systems
2013 Mar Beer-Talk #8 - Cyber-Bedrohung (MELANI)
2012 Oct Beer-Talk #7 - Social Engineering / SmartPhone and DriveBy
2012 Aug Beer-Talk #6 - Incident Experiences/Forensic Readiness
2012 Jun Beer-Talk #5 - IPv6
2012 Mar Beer-Talk #4 - Advanced Web Security
2012 Jan Fachanlass "Mobilität und Sicherheit" der Fachgruppe Sicherheitstechnik FGST, Swiss Engineers
2011 Dec Sophos Roadshow "Anatomy of an Attack": "Cloud Computing - Sonnenschein oder Donnerwetter?"
2011 Dec HTML5 Web Security
2011 Nov Beer-Talk #3 - Swiss National Cyber Defense Strategy
2011 Oct Compass Live-Hacking at it-sa: VoIP
2011 Oct Compass Live-Hacking at it-sa: Phishing
2011 Oct Compass Live-Hacking at it-sa: Mobile Security
2011 Sept Beer-Talk #2 - iPhone Security
2011 Aug BlackHat / Defcon 2011, Las Vegas - Field report by Compass
2011 Jul Beer-Talk #1 - HTML5 Web Security
2011 Jun Swiss IT Leadership Forum 2011 - Cyberwar
2011 Jun Digicomp HackingDay 2011 - Cybercrime today
2011 May SCS3 - IPv6 & Cyber Security - Alaa Al-Din Al-Radhi
2011 May SCS3 - Open Web Application Security Project - Antonio Fontes
2011 May SCS3 - Potential dangers of ActiveX attacks - Brian Mariani
2011 May SCS3 - Threats On Your Smartphone - Celil Ünüver
2011 May SCS3 - How to beat a dragon with a shark - Christian Beek
2011 May SCS3 - ZeuS MitMo: a real case of banking fraud through mobile phones - Daniel L. Creus
2011 May SCS3 - Achieving Low-Latency Security - Darren Turnbull
2011 May SCS3 - Social Engineering - “Because there is no patch for human stupidity” - Dave Wollmann
2011 May SCS3 - Data Breaches: Legal Obligations And Practices For Businesses - David Rosenthal
2011 May SCS3 - Corporate IT Forensic Readiness - Bruce Nikkel
2011 May SCS3 - Hunting Slowloris and Friends - Christian Folini
2011 May SCS3 - Collective Prediction in Digital Social Networks Through Discovery of Collaborative Innovation Networks - Peter A. Gloor
2011 May SCS3 - Exploiting SCADA Systems - Jeremy Brown
2011 May SCS3 - Application Security as a Team Effort - Jörg Ewald
2011 May SCS3 - iOS applications reverse engineering - Julien Bachmann
2011 May SCS3 - Obfuscated Malc0de Hunting with Emulator+Disassembler - Lee Ling Chuan
2011 May SCS3 - Is Switzerland under attack? - Marc Henauer
2011 May SCS3 - HTTP Parameter Pollution Vulnerabilities in Web Applications - Marco Balduzzi
2011 May SCS3 - I Control Your Code – Attack Vectors Through the Eyes of Software-based Fault Isolation - Mathias Payer
2011 May SCS3 - Modern Criminal Networks: Infrastructure and Tasks Segmentation of Today's Criminal Groups in Cyberspace - Mauro Vignati
2011 May SCS3 - Cyber Warfare Prediction - Daniel Ng (Ching Wa)
2011 May SCS3 - Cryptography: how to break it in practice if you must? - Pascal Junod
2011 May SCS3 - Botnet Resistant Coding - Rothschild/Greko
2011 May SCS3 - Auditing the Hacker’s Mind : wrong myths, real facts and the Hackers Profiling Project (HPP) - Raoul Chiesa
2011 May SCS3 - Attacks against governmental organizations and appropriate incident response procedures - Reto Inversini
2011 May SCS3 - Cookiejacking - Rosario Valotta
2011 May SCS3 - Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars - Srdjan Capkun
2011 May SCS3 - Fixing the Fundamental Failures of End-Point Security - Stefan Frei
2011 May SCS3 - DOM XSS Identification and Exploitation - Stefano Di Paola
2011 May SCS3 - Strong Authentication in Web Application “State of the Art 2011” - Sylvain Maret
2011 May SCS3 - Reality check: 2011 Verizon Data Breach Investigations Report - Thijs Bosschert
2011 May SCS3 - HTML5 Web Security - Thomas Röthlisberger
2011 May SCS3 - Protecting Web Applications with Port Knocking - Yiannis Pavlosoglou
2011 Mar Records Management Konferenz - Cloud Security / Social Media
2011 Feb HEIG-VD Security Day - Social Engineering Attacks
2010 Mobilephone Security
2010 Nov W-jax, Munich - XML External Entity Attacks (XXE)
2010 Sept Compass Event - ASP.NET and ViewState Security
2010 Sept Compass Event - Bypassing Same Origin Policy for Mash Ups
2010 Sept Compass Event - Apple iOS 4 Privacy
2010 Sept Compass Event - Mobile Security
2010 Sept Compass Event - Windows Attack
2010 Feb MCTA - Workshop "Mobile Security"
2009 Oct Compass Event - Security Evaluation of Crealogix CLX.Sentinel
2009 Oct Compass Event - Social Engineering Attacks
2009 Oct Compass Event - Compass expand NMAP by SCTP
2009 Oct Compass Event - 0-day Exploits: Are we powerless?
2009 Jul Pandora's Cyber Box
2009 June Social Engineering Test Cases
2009 May SCSII - Oracle Security
2009 May SCSII - Reverse Code Engineering
2009 May SCSII - WLAN Security
2009 May SCSII - VPN with Windows 7
2009 May SCSII - NFS
2009 May SCSII - Hacking Legal
2009 May SCSII - Anti-Virus Secrets
2009 May SCSII - ZFS
2009 May SCSII - Unix Security
2009 May SCSII - Lsrunase Supercrypt
2009 May SCSII - Observation Plugin
2009 May SCSII - Hacker Paragraph
2009 May SCSII - Internet Threats
2009 May SCSII - Raiffeisen E-Banking Security
2009 May SCSII - Windows Update
2009 May SCSII - Cybercrime Today
2009 May SCSII - FastFlux / ZeuS
2009 May SCSII - DECT Hacking
2009 May SCSII - DriveBy Infection
2008 Nov XSS Shell
2008 Nov Smartcard APDU Analysis
2008 Nov Teredo - IPv6 Security
2008 Nov VMware Device Driver Exploit
2008 Nov E-Banking Trends
2008 Nov Cross Site Request Forgery
2008 Oct Internet in China - The Great Firewall
2008 Aug Summary Blackhat / Defcon 2008
2008 May Malware Distribution
2008 Apr Web 2.0 Event - Slides
2008 Feb Summary Blackhat / Defcon 2007
2008 Feb Breaking TOR Anonymity
2007 Nov Hash Injection Attacke
2007 Oct Wireless Drive-By Hacking
2007 Oct DNS Attacken - Advanced Methoden
2007 Oct Verseuchung von Viren über E-Bay Hardware
2007 Oct Browser Plugins und Extensions - the Hackers View
2007 Oct Kerberos Session Hijacking Attacke
2007 Oct Tempest Attacke - Abhören des LCD Screen
2007 Aug Solaris10 into Active Directory Integration
2007 Jun U3 USB Stick (In-)Security
2007 Jan Universal PDF XSS
2006 Dec Hardening Checkliste Windows 2003 Intranet Basis
2006 Dec Hardening Checkliste Exchange 2003
2006 Dec Hardening Checkliste Windows XP
2006 Dec Hardening Checkliste IIS 6.0 im Intranet
2006 Dec Hardening Checkliste Microsoft SQL Server 2000
2006 Dec Hardening Checkliste ISA Server 2004 Intranet
2006 Dec Summary Blackhat / Defcon 2006
2006 Oct Skype Trojaner
2006 Oct BHO (Browser Helper Object) Angriff
2006 Oct Shellcode Proxying/CoreImpact
2006 Oct Oracle Datenbank Sicherheit
2006 Oct Static/Dynamic Payload Analysis
2006 Oct IE Fuzzing and Microsoft Incident Handling
2006 Jun Phishing-Frühwarnsystem
2006 May Ratgeber zu Solaris-Ermittlungen
2006 Mar Harddisk ATA Security
2005 Nov Time Stamping Authority
2005 Nov Terminal Server Break-Out
2005 Nov Advanced Phishing
2005 Nov MELANI
2005 Nov Hackerspuren in Web Applikationen
2005 Nov VoIP Angriffe
2005 Oct Forensik in E-Business-Anwendungen
2005 Jul Bedrohungen Web-Applikationen
2005 Feb Securing Wireless Networks
2004 Dec 24-Stunden-Spiel "Die Computer-Knacker"
2004 Nov Sicherheit bei automatisierten Windows Installationen
2004 Oct Covert Channel - Inside Out
2004 Oct Computerforensik und -kriminalität
2004 Aug .NET Basics & Security
2004 Apr Inside-Out Attacks
2004 Apr Spyware Analysis
2004 Apr Windows Evidence Gathering
2004 Apr Überwachung elektronischer Kommunikation
2004 Apr J2EE Trojaner
2004 Apr Windows 2003 - Security Hints
2004 Mar Chrooting Unix Services (Apache, MySQL, Tomcat)
2003 Sept Laptop Security
2003 Sept Kernel Hooks und Spy-Detection
2003 Aug Argus PitBull B1 Erläuterungen
2003 Jul Cross Site Scripting Attacken
2003 Jun TCP/IP Gender Ganger
2003 May Questions to Penetration Test
2003 Apr LASEC SSL Sicherheitslücke
2003 Mar Cross Site Tracing Schwachstelle in Web Anwendungen
2003 Mar Linux ptrace Sicherheitslücke
2003 Mar SSL Sicherheitslücke - Timing Attack
2003 Mar Präsentation zum Thema Security Assessment
2003 Mar Rechtliche Aspekte von Security Assessments
2003 Jan Finjan SurfinGate V5.6 Security Considerations
2003 Jan Session Fixation Schwachstelle in Web Anwendungen
2003 Jan Webservices Sicherheitsüberlegungen
2003 Jan VPN Gefahrenanalyse
2003 Jan Shatter Attack
2003 Jan Security von Wireless Networks
2002 Oct Java Datenstrom Inspection
2002 Oct File-Type Analyse (Content Filter)
2002 Jun Hardening Windows NT
2002 Feb Leitfaden Penetration Tests isb.admin.ch
2001 Jun Hardening Oracle
2001 Mar Hardening Solaris
2000 Oct Hardening WebSphere
1999 Nov Leitfaden Tiger-Team Services FGSEC

News

Vulnerability in ALFContact (Joomla Extension)
5/15/13 - Stefan Horlacher identified a Cross-Site Scripting vulnerability.

jNews Core (Joomla Extension) - Multiple XSS Vulnerabilities
5/6/13 - Stefan Horlacher identified multiple XSS vulnerabilities.

Web vulnerabilities in Remository, HikaShop and Real Estate Manager
4/9/13 - Stefan Horlacher identified several web vulnerabilities in different products and frameworks.

Web vulnerabilities in AcyMailing, FLEXIcontent, jDownloads and K2
4/9/13 - Stefan Horlacher identified several web vulnerabilities in different products and frameworks.

Multiple Cross-Site Scripting Vulnerabilities
4/9/13 - Axel Neumann identified multiple Cross-Site Scripting vulnerabilities in SAP Business Objects Enterprise XI.