Channel: Vulnerability – Compass Security Blog

SAML SP Authentication Bypass Vulnerability in nevisAuth

Two months ago, we wrote about SAML Raider, a Burp extension which allows automating SAML attacks based on manipulations of the intercepted security assertion. Using this tool, we were able to identify...

Authentication Bypass in Netgear WNR1000v4 Router

Three months ago I tested the web interface of the Netgear WNR1000v4 router for some typical vulnerabilities. When playing around with the application by forcefully calling different URLs in contexts...

SAMLRequest Support for SAML Raider

About a year ago, the Burp extension SAML Raider [0] was released as a result of a bachelor thesis [1] in collaboration with Compass Security. This Burp extension automates most of the steps, which are...

ASP.NET Core 5-RC1 HTTP Header Injection Vulnerability

ASP.NET Core is an open-source and cross-platform framework for building modern cloud-based, internet-connected applications, such as web apps, IoT apps and mobile backends. ASP.NET Core apps can run on...

Wrap-up: Hack-Lab 2017#1

What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills...

Wrap-up: Hack-Lab 2017#2

What is a Hack-Lab? Compass Security provides a monthly playful occasion for the security analysts to get-together and try to hack new devices, dive into current technologies and share their skills...

SharePoint: How to collaborate with external parties?

Opening up an internal SharePoint farm to the Internet in order to share resources with external parties might seem a good idea, because it helps avoid expensive infrastructure changes. However, in...

SharePoint: Collaboration vs. XSS

SharePoint is a very popular browser-based collaboration and content management platform. Due to its high complexity, proprietary technology and confusing terminology it is often perceived as a...

No need to break in, use the backdoor

The idea Some time ago I read a tweet about hunting so-called “sticky-keys backdoors”, referencing a presentation at DEFCON 24, https://www.youtube.com/watch?v=EAYtRQKfna0 In addition to the...

Introducing Web Vulnerabilities into Native Apps

Intro Mobile applications nowadays make heavy use of WebViews in order to render their user interfaces. Frameworks such as PhoneGap / Apache Cordova are even used to implement most of the...

New SMBGhost Vulnerability Affects Modern Windows Systems

After the infamous SMBv1 flaw with the name EternalBlue that was discovered some years ago (and all the consequences it had like WannaCry), a new vulnerability (CVE-2020-0796) affecting SMBv3 has been...

Relaying NTLM authentication over RPC

For a few years now, we – as pentesters – (and probably bad guys as well) have been making heavy use of NTLM relaying for privilege escalation in Windows networks. In this article, we propose adding support for the...

Yet Another Froala 0-Day XSS

Introduction Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications [1]. Froala sanitizes the user input...

The Good Old DNS Rebinding

“This application is hosted in our internal network and not exposed to the Internet, why should we invest money and time in securing it? Our employees have access to that data anyway…” If you performed...

Printer Tricks Episode II – Attack of the Clones

TL;DR: We show how to decrypt passwords from the configuration backup of a Xerox WorkCentre and how, during the reverse engineering, a command injection vulnerability was discovered (CVE-2021-27508)....

Relaying NTLM authentication over RPC again…

A little bit over a year ago, I wrote an article on this blog about CVE-2020-1113 and how it enabled code execution on a remote machine through relaying NTLM authentication over RPC triggering a...

Ionic Identity Vault Biometric Authentication Bypass

Ionic Identity Vault is a secure storage solution for Android and iOS mobile apps which can be used to store authentication information like access tokens [1]. This information can be protected, so...

SAML Padding Oracle

ArcGIS [1] is a family of software providing geographic information system services. While testing a customer’s ArcGIS architecture we came across a SAML login flow. In this blogpost we show how we...

A Year's Worth of Active Directory Privilege Escalation

The end of the year is a good time to sit back and reflect for a moment on the past year. So let us take a look at the ten most common ways how I got Domain Admin privileges in our Active Directory...
