Category · Tutorials

Your Guide to Evaluating Security CBT Programs (Part 1)

posted on May 3, 2013 by Oliver Ng

Note: At the end of this series, I’ll provide a free tool that you can use to make your own evaluations easier, so keep an eye out for it! With the variety of Computer Based Security Training (CBTs) out there, it can be tough to make a decision around what to consider when choosing the…

Mobile Application For Your Hacking Pleasures

posted on Apr 3, 2013 by sahba

A short while back we released ExploitMe Mobile (EMM), our free, open source project demonstrating common Mobile Security vulnerabilities in the iOS and Android platforms. ExploitMe Mobile is a training platform built based on the common Mobile Security and Application Security pitfalls. The objectives of the ExploitMe Mobile training platform are: Capture the common security…

I know you'd love CPEs and free OWASP training

posted on May 25, 2012 by Oliver Ng

I’m happy to announce a partnership with ISC2 to bring you our OWASP course complimentary for CISSP members. Access is limited to the next 30 days, so get in on it fast and collect your 2 CPEs for watching these videos. These videos also outline our great new training format for CBTs that…

New Mobile Security Course and ExploitMe Mobile

posted on Oct 15, 2011 by Oliver Ng

At Security Compass, we have been working hard to expand our training offerings. We’re most excited about our new Mobile Hacking and Security course. If your organization is working with mobile applications this course is a fantastic primer on how mobile apps can be hacked, and how your teams can defend against these software defects. We’ll…

Viruses and Malware

posted on Aug 3, 2011 by Oliver Ng

Our video series continues with the second video in our Safe Online Banking series about Viruses and Malware. You know those annoying viruses that just won’t leave your computer alone? Criminals have realized there is money to be made by placing viruses and malware on your computer. The bad guys make money by tracking you while…

Weaponizing the Android Emulator (plus a new tool)

posted on Jul 22, 2011 by seccom

Today, we’re going to look at a scenario where the Android Emulator can be repurposed as an exploitation tool. Specifically, we will look at attacks that involve cloning an application and user data from a stolen Android phone onto a computer running the Android emulator. An attacker that does this will be able to use…

Bypassing Android’s Password Screen

posted on Jul 6, 2011 by seccom

This video demonstrates how to bypass the password screen on an Android. If you lose your phone, someone who finds it can use this attack to get around the password you set. This attack requires a phone with an unlocked bootloader. Some phones come with unlocked bootloaders, and on others users do this as part…

XSLT Command Execution Exploit

posted on Sep 18, 2009 by Subu Ramanathan

This article is based on the Command Injection in XML Signatures and Encryption whitepaper authored by Bradley W. Hill from Information Security Partners. XSLT is a simple language designed to facilitate cross-platform content generation by selecting and merging datasets presented in an XML document. The vulnerability described in the whitepaper still exists in today’s…

The True Danger of XSS and CSRF

posted on May 15, 2009 by Rohit Sethi

In our one-day training classes and conference talks we make judicious use of videos to demonstrate concepts. One of the most popular videos illustrates the true danger of Cross-Site Scripting (XSS) combined with Cross-Site Request Forgery (CSRF). We constructed a fake bank site and demonstrated that a single XSS vulnerability and money transfer functionality in the bank site could…