Privilege escalation in Windows Domains (2/3)
This second article about privilege escalation in Windows domains describes how to propagate by aiming for passwords that are lying around. mehr
Compass Security Schweiz AG
Werkstrasse 20
8645 Jona
Schweiz
Presentations
We also present the results of our research at various public events. These presentations are available here for you to download.
Downloads
- Red Teaming by Compass Security (Compass Jubiläum, Patrick Vananti, Juni 2019) (2 MB)
- WiFi from Open to WPA3 (Beer-Talk, Felix Sieges, Feb/März 2019) (3 MB)
- How to pwn a Global Player (Beer-Talk, St. Sekula und T. Kautschke, Februar 2019) (613 KB)
- Lazy ways to own Networks (Beer-Talk, Nicolas Heiniger, Sep/Okt 2018) (2 MB)
- Phishing with Compass Security (Beer-Talk, Zürich/Bern, A. Joss/S. Heiniger, Juni/Juli 2018) (3 MB)
- Cyber Security Kung-Fu (Innovationstagung der HSR Hochschule Rapperswil, Ivan Bütler, September 2017) (903 KB)
- Software Defined Radio (Beer-Talk, Reto Schädler, Juni 2017) (2 MB)
- Defeating Man-in-the-Browser Attacks with Clickstream (Beer-Talk Jona/Bern, David Stark, März 2017) (1 MB)
- Exchange Forensic (Beer-Talk Berlin/Jona/Bern, Damian Pfammatter, September 2016) (4 MB)
- Ransomware - wie schütze ich mein Unternehmen? (Beer-Talk Berlin, Jan-Tilo Kirchhhoff, Juni 2016) (2 MB)
- SAML: With Great Power Comes Great Pwnage (area41 Zürich, A. Neuenschwander/R. Bischofberger, Juni 2016) (3 MB)
- SSL/TLS: Angriffe und Gegenmassnahmen (Beer-Talk Bern/Jona, Rolf Oppliger, Mai/Juni 2016) (17 MB)
- Linux Exploit Mitigation (Beer-Talk Jona/Bern, Dobin Rutishauser, März 2016) (3 MB)
- SAML 2.0 Security (Beer-Talk Berlin, Stephan Sekula, Februar 2016) (2 MB)
- SAML 2.0 Security (Beer-Talk Jona/Bern, A. Neuenschwander/R. Bischofberger, Januar 2016) (3 MB)
- Home Router als Einfallstor ins Firmennetzwerk? (Beer-Talk Berlin, Walter Sprenger, November 2015) (2 MB)
- Windows Phone 8.1 (Beer-Talk Berlin, Stephan Sekula, Juli 2015) (2 MB)
- Windows Phone 8.1 (Beer-Talk Bern/Jona, A. Herzog/C. Bannwart, Juni 2016) (2 MB)
- APT Detection mit Splunk (Beer-Talk Berlin, Ivan Bütler, Mai 2015) (3 MB)
- Social Engineering - The Devil is in the Details (Beer-Talk Jona/Bern, Ivano Somaini, März 2015) (4 MB)
- Smartphone and DriveBy Attacks (Beer-Talk Berlin, Walter Sprenger, Februar 2015) (765 KB)
- Smashing PLCs for Fun and Profit (Beer-Talk Berlin, Stephan Sekula, Februar 2015)15) (5 MB)
- Smashing PLCs for Fun and Profit (Beer-Talk Bern, Mateusz Khalil, November 2014) (961 KB)
- APT Detection mit Splunk (Beer-Talk Jona, Ivan Bütler, September 2014) (3 MB)
- Crypto-basierender Sicherheitsmechanismus in Windows und .Net (Beer-Talk Jona/Bern, Alexandre Herzog, März 2014)27.03.14) (2 MB)
- SuisseID als PKI-Ersatz für KMU? (Beer-Talk Jona/Bern, Stephan Rickauer, Oktober 2013) (960 KB)
- Energy Fraud and Orchestrated Blackouts (Beer-Talk Jona/Bern, Cyrill Brunschwiler, Aug/Sept 2013), 29.08.13 und Bern, 12.09.13) (4 MB)
- Wireless M-Bus Security, Whitepaper (Beer-Talk Jona/Bern, Cyrill Brunschwiler, Aug/Sept 2013) (5 MB)
- Black Hat Las Vegas: Summary/Field Report (Thomas Röthlisberger, Sascha Herzog, August 2013) (656 KB)
- Black Hat Las Vegas: Energy Fraud and Orchestrated Blackouts (Cyrill Brunschwiler, August 2013) (2 MB)
- Black Hat Las Vegas: Wireless M-Bus Security, Whitepaper (Cyrill Brunschwiler, August 2013) (5 MB)
- SharePoint Security Revealed (Beer-Talk Jona/Bern, Thomas Röthlisberger, Jun/Jul 2013) (5 MB)
- Hacking Industrial Control Systems (Beer-Talk Jona, Marco Di Filippo, März 2013) (5 MB)
- Cyber-Bedrohungen (Beer-Talk Jona, MELANI, März 2013) (868 KB)
- Social Engineering / SmartPhone und DriveBy (Beer-Talk, Walter Sprenger, Oktober 2012) (859 KB)
- Incident Erfahrungen / Forensic Readiness (Beer-Talk, Stephan Rickaucer, August 2012) (813 KB)
- Black Hat Las Vegas: Summary/Field Report (R. Trombini/M. Loher, August 2012) (1 MB)
- IPv6 (Beer-Talk, Rainer Giedat, Juni 2012) (2 MB)
- Advanced Web Security (Beer-Talk, Philipp Oesch, März 2012) (2 MB)
- Swiss National Cyber Defense Strategy (Beer-Talk, ISSS/VBS, November 2011) (2 MB)
- iPhone Hacking (Beer-Talk, Riccardo Trombini, September 2011) (4 MB)
- Black Hat Las Vegas: Summary/Field Report (Roger Blum/Michael Schmidt, August 2011) (758 KB)
- HTML5 Research (Beer-Talk, Michael Schmidt, Juli 2011) (2 MB)
- Cyberwar (Swiss IT Leadership Forum, Ivan Bütler, Juni 2011) (2 MB)
Compass Security Blog
Privilege escalation in Windows Domains (1/3)
This first article of our series about privilege escalation in Windows domains demonstrates how to get a foothold by relaying credentials from users. mehr
CALENDAR
Securing Industrial IoT
On August 29, 2019, experts from research and practice will meet in Bremen to discuss how industry companies and CIP operators can actively protect... Read more
Beer-Talk #20 in Berlin: Keep Calm and Dump Your Memory
Cybercriminals are constantly finding sophisticated ways to infect computers or mobile devices with malware. What you should NOT do (and why) if your... Read more
Cyber Risks – from abstract risk to everyday reality
The Europa Institut at the University of Zurich (EIZ) is one of the leading centres of expertise for European Law and is an important provider of... Read more
NEWS
Vulnerability in "The Scheduler" Plugin for Jira
Thierry Viaccoz has identified an XML External Entity (XXE) vulnerability in "The Scheduler" plugin for Jira. Read more
Vulnerability in the Email+ iOS Application from MobileIron
Sylvain Heiniger has identified a "Cleartext Storage of Sensitive Information" vulnerability in the MobileIron application Email+. Read more
Vulnerabilities in Universal Automation Center (UAC)
Michael Fisler and Felix Aeppli have identified vulnerabilities in the Universal Automation Center (UAC). Read more