Scripts & Configs
- Various Scripts on GitHub: emanuelduss/Scripts
- My configuration files on GitHub: emanuelduss/Configs
- Blogpost about some tools: Tools
- Some simple but useful security-related tools: 802.11evil, dollyx509, ip-forwarding-scanner, ip6-forwarding-scanner
SSH Labs
The SSH Labs are a learning resource on SSH security showing how SSH works, possible attacks and how you can securely configure and use SSH. It includes a presentation with slides, as well as a Docker-based hands-on lab where you can learn how the attacks work by compromising several systems.
- Website: https://sshlabs.compass-security.training
- Presentation on YouTube: SSH (Secure Shell) - Attacks and Best Practices
- Slides: SSH_Secure_Shell_Attacks_and_Best_Practices_2026-05.pdf
Burp Extension: SAML Raider
SAML Raider is a Burp Suite extension for testing SAML authentication flows. This software was created as a bachelor thesis during my studies at the Hochschule für Technik Rapperswil (HSR). Our project partner and advisor was Compass Security.
- GitHub: CompassSecurity/SAMLRaider
- PortSwigger BappStore: SAML Raider
Demo
Burp Extension: Copy Request & Response
The Copy Request & Response Burp Suite extension adds new context menu entries that can be used to simply copy the request and response from the selected message to the clipboard. I wrote this extension at work at Compass Security to improve the documentation workflow.
- GitHub: CompassSecurity/burp-copy-request-response
- PortSwigger BappStore: Copy Request Response
- Compass Security Blogpost: Burp Extension: Copy Request & Response
Demo
Security Resources Link Collection
A link collection to online resources & tools I created for our web application / network security trainings at Compass Security.
- GitHub: CompassSecurity/security_resources / git.io/secres.
Company Blog
The blog posts I wrote for my employer Compass Security can be found here.
There is a series about bypassing web filters:
- Bypassing Web Filters Part 1: SNI Spoofing
- Bypassing Web Filters Part 2: Host Header Spoofing
- Bypassing Web Filters Part 3: Domain Fronting
- Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
Some explanations about vulnerabilities I found during assessments: