Applied Research

We work continuously on current security topics through systematic, ongoing further education in our test laboratory. On the one hand, we use what we learn from our security assessments; on the other hand, we issue technology articles that we publish through our TIGER-INFO mailing list.

Our technology studies are an important component of the Compass strategy. We place special emphasis on practical experience rather than limiting ourselves to the study of RFCs and white papers. Our versatile laboratory enables us to carry out extensive tests on many operating systems.

 

Security Topics:

2011

Swiss Cyber Storm 3
iPhone Hacking
GSM Hacking
IMSI Catching
Forensic Investigation
Hacking-Lab / OWASP AppSec USA

2010

Advanced Metasploit Technique
Apache Security Module (mod_but)
.NET Security / ViewState Flaw
Source Code Review Methodology
Compass LiveCD

2009

GPO / Windows Policy
Application Forensics
Tunneling / Putting the camel through the eye of a needle

2008

Universal Windows Proxy
E-Banking VMWare Appliance
Windows Mobile Malicious Code
IPv6 - Teredo
VMWare Exploiting

2007

Firefox Observation Plugin
Flash InSecurity
Paros Smartcard
QR Code Reader
WiFi Driver Exploits

2006

Browser Security
SIP Fuzzing
SmartCard
Layer II Security
Phishing
HTTPS SSO
VoIP Security Test Tool

 

2005

Detect IP addresses for port security
Test reporting suite
Phishing warning system
.NET security demo application

2004

DNS tunnel test-suite
Mail security test
VPN bypass security
Port security
Time stamping authority

2003

BlueTooth security
SOAP firewall prototype
Client proxy for SOAP firewall
WebSSH
Apache webentry project (SingleSignOn)
Distributed wireless honeypot
Management dashboard

2002

Vulnerabilities in webservers
Application security testing
Certificate based Outlook WebAccess
Buffer overflows under Windows, study and tools
Process monitor for Windows systems
Process analyzer (API monitor for Windows programs)
HTTP-session management

2001

DNS security (dns packet assembler)
Kevin Mitnick attacking toolkit
PDA security analysis
SMS authentication - Login service by SMS

2000

Windows Snort Intrusion Detection Management Console
SSLProxy/sniffer
Wardialer for Linux using MySQL and advanced technique
S-Tools (Info Gathering)
SecurityCheck via ActiveX

1999

IDS market analysis
Knowledge Management System

News

HTML5 Web Security
12/7/11 - HTML5 Security Research Report

Review BlackHat / Defcon 2011
11/8/11 - This year, as every year, two security analysts of Compass Security AG participated in BlackHat and Defcon in Las Vegas.

Oracle RDC Onsite XSS Vulnerability
10/18/11 - Compass Security has found a vulnerability in ORACLE RDC ONSITE.

Course Schedule - New iPhone & iPad Hands-On course
10/6/11 - The new iPhone & iPad Compass course will be held in Switzerland for the first time.

it-sa 2011: Compass Live-Hacking at IT-SA 2011 in Nürnberg
9/29/11 - Meet Compass at the IT-SA exhibition booth in Hall 12, Stand 226. We will present live hacking with the newest iPhone and mobile devices.