Direct Links
english
deutsch

FileBox Login
Offene Stellen / Jobs
 

Applied Research

We permanently work on current security topics by systematic and continuous further education in ourtest laboratory. On the one hand we use what we learn from our security assessments, on the other hand we issue technology articles that we publish through our TIGER-INFO mailing list.

Our technology studies are an important component of Compass strategy. We place special emphasis on practical experience rather than limiting ourselves to the study of RFCs and white papers. Our versatile laboratory enables us to carry out extensive tests on many operating systems.

 

Security Topics:

2011

Swiss Cyber Storm 3
iPhone Hacking
GSM Hacking
IMSI Catching
Forensic Investigation
Hacking-Lab / OWASP AppSec USA

2010

Advanced Metasploit Technique
Apache Security Module (mod_but)
.NET Security / ViewState Flaw
Source Code Review Methodology
Compass LiveCD

2009

GPO / Windows Policy
Application Forensics
Tunneling / Putting the camel throught the eye of a needle
 

2008

Universal Windows Proxy
E-Banking VMWare Appliance
Windows Mobile Malicious Code
IPv6 - Teredo
VMWare Exploiting

2007

Firefox Observation Plugin
Flash InSecurity
Paros Smartcard
QR Code Reader
WiFi Driver Exploits

2006

Browser Security
SIP Fuzzing
SmartCard
Layer II Security
Phishing
HTTPS SSO
VoIP Security Test Tool

 

2005

Detect IP addresses for port security
Test reporting suite
Phishing warning system
.NET security demo applikation

2004

DNS tunnel test-suite
Mail security test
VPN bypass security
Port security
Time stamping authority

2003

BlueTooth security
SOAP firewall prototype
Client proxy for SOAP firewall
WebSSH
Apache webentry project (SingleSignOn)
Distributed wireless honeypot
Management dashboard

2002

Vulnerabilities in webservers
Application security testing
Certificate based Outlook WebAccess
Buffer overflows under Windows, study and tools
Process monitor for Windows systems
Process analyzer (API monitor for Windows programs)
HTTP-session management

2001

DNS security (dns packet assembler)
Kevin Mitnick attacking toolkit
PDA security analyze
SMS authentication - Login service by SMS

2000

Windows Snort Intrusion Detection Management Console
SSLProxy/sniffer
Wardialer for Linux using MySQL and advanced technique
S-Tools (Info Gathering)
SecurityCheck via ActiveX

1999

IDS market analysis
Knowledge Management System

News

Vulnerability in ALFContact (Joomla Extension)
5/15/13 - Stefan Horlacher identified Cross-Site-Scripting Vulnerability

jNews Core (joomla Extension) - Multiple XSS Vulnerabilities
5/6/13 - Stefan Horlacher identified multiple XSS Vulnerabilities.

Web vulnerabilities in Remository, HikaShop and Real Estate Manager
4/9/13 - Stefan Horlacher identified several web vulnerabilities in different products und frameworks.

Web vulnerabilities in AcyMailing, FLEXIcontent, jDownloads and K2
4/9/13 - Stefan Horlacher identified serveral web vulnerabilities in different products and frameworks.

Multiple Cross-Site Scripting Vulnerabilities
4/9/13 - Axel Neumann identified Multiple Cross-Site Scripting Vulenerabilities in SAP Business Objects Enterprise XI