WinGet can be more than a package manager. We show how .winget configs + a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips.
blog.compass-security.com/2026/03/wing...
#RedTeam #Windows #LOLBins #InitialAccess
John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC.
blog.compass-security.com/2026/02/from...
#Windows #CVE #SecurityResearch #PrivEsc
People know I am all crazy about electricity and electronics. So, I am especially excited about this one and I must admit I am very tempted to get my hands on European chargers. Unfortunately, there is no vacation in sight yet 🤪.
… forgot to ask: Where can I get the nice screensaver for my Alpine infotainment? 😜
Congratz for the nice find! I am very impressed and would love to see Alpine fix one or the other issue eventually… sometime… any soon?
The schedule is out! 🗓️ We’re hitting the stage on January 21st at 12:30 JST (4:30 CET) and at 14:00 JST (6:00 CET). Time to see if all the work in the lab pays off. Wish us luck! #Pwn2Own
www.zerodayinitiative.com/blog/2026/1/...
🤞 fingers crossed you guys get drawn for the pole position and get away without collisions.
🇨🇭#BringEnHei
There will be… Switzerland's highest max. bounty EVER
In a new video, Nicolò @rationalpsyche.bsky.social walks through how to fuzz with AFL++, how to pick targets, avoid common pitfalls, and boost effectiveness. Find performance tips, fuzzing theory, and AFL++ internals.
Watch here: youtu.be/L5Tin7m5sbE?...
#security #fuzzing #AFLplusplus #appsec
NTLM relay works against HTTPS if channel binding is missing. Our new blog post explains why, shows how tooling evolved, and highlights defensive measures.
blog.compass-security.com/2025/11/ntlm...
🧭 Navigation complete! The team from Compass Security just charted a course straight into @home_assistant Green at #Pwn2Own. They head off to the disclosure room to spill how they did it. #P2OIreland
#Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @portswigger.net @burpsuite.bsky.social extension developed by our @muukong.bsky.social that helps manipulate #gRPC-Web traffic, even in absence of #protobuf schemas. blog.compass-security.com/2025/10/brpc...
@thezdi.bsky.social #Pwn2own schedule is out. Compass folks have been drawn 3rd to exploit the @home-assistant.io Green for $40,000. 🤞 for a #bounty today, Tuesday Oct 21st, 5pm (Swiss time). #ethicalhacking
Schedule www.zerodayinitiative.com/blog/2025/20...
The final episode of our Kerberos deep dive is live!
RBCD opens new attack paths in Kerberos. Learn how misconfigs enable privilege escalation and how to defend.
youtu.be/l97RDnzdrXY?...
#Kerberos #ActiveDirectory
Episode 5 of our Kerberos deep dive is live. Constrained delegation isn’t bulletproof. See how attackers exploit it, and how to defend with monitoring & best practices.
youtu.be/rnhr02eKU0I?...
#Kerberos #ActiveDirectory
Episode 4 of our Kerberos deep dive is live. Unconstrained delegation can expose critical credentials. Learn how attackers abuse it. And how to lock down your systems.
youtu.be/_6FYZRTJQ-s?...
#Kerberos #ActiveDirectory
Episode 3 of our Kerberos deep dive is live. AS-REP Roasting abuses accounts without pre-auth. Learn the risks, how attackers exploit it, and how to defend.
youtu.be/56BjmyOTN5o?...
#Kerberos #ActiveDirectory
We use @jameskettle.com Burp extension Collaborator Everywhere daily. Now our upgrades are in v2: customizable payloads, storage, visibility. Perfect for OOB bugs like SSRF.
Find out more here: blog.compass-security.com/2025/09/coll...
#AppSec #BurpSuite #Pentesting
Episode 2 of our Kerberos deep dive is live.
Kerberoasting lets attackers steal AD service account credentials. See how it works and how to protect your systems: youtu.be/PhNspeJ0r-4?...
#Kerberos #ActiveDirectory
Kerberos powers auth in Windows and hides big security risks. We’re launching a 6-part deep dive: from protocol basics to attacks plus how to stop them.
Starts today → blog.compass-security.com/2025/09/tami... → Subscribe to our channel!
#Kerberos #ActiveDirectory
Calling all bug hunters! schulNetz by Centerboard AG is now in scope! Help protect over 100k users in schools. Are you ready to make the grade and earn bounties? Program: bugbounty.compass-security.com/bug-bounties... #bugbounty #cybersecurity #ethicalhacking
Passwords are dead, long live passkeys! 🔑
In our latest blog, we go hands-on: real-life setups, plus tips for recovery and avoiding pitfalls.
blog.compass-security.com/2025/08/into...
#Passkeys #CyberSecurity #Authentication
Burp Collaborator just got a bunch of new features. Credits go to our @compass-security.com Basel team member, Andreas 🙏
LLM-based vuln hunting just leveled up with xvulnhuntr - a fork of vulnhuntr with support for: C#, Java, Go. Read @rationalpsyche.bsky.social's blog post and go grab the project on GitHub.
blog.compass-security.com/2025/07/xvul...
Excited to talk today at @reconmtl.bsky.social with @droethlisberger.bsky.social about a 2017 iOS persistence exploit used by NSO's Pegasus (and, interestingly, other threat actors too)! 10:00AM in the Grand Salon cfp.recon.cx/recon-2025/t...
Exploiting the @ubiquiti.bsky.social AI Bullet camera for #Pwn2Own made us sweat more than once.
But persistence paid off. Our detailed blog post is now live: blog.compass-security.com/2025/06/pwn2...
#penetrationtest #pentest #iot #embedded #cybersecurity
www.compass-security.com/en/services/...
Thrilled for #TROOPERS25 Thursday! Emanuele & @yvesbieri.bsky.social share #Pwn2Own wins on #surveillance cams. Method, #exploit, lessons. Drop in, trade war-stories!
Talk: troopers.de/troopers25/t...
Compass pentest: www.compass-security.com/en/services/... #cybersecurity #iot #hw #fw #ot
Primate traits run deep at Teleboy: smart, curious, and always evolving. If that sounds like you, challenge the boundaries of their infra and secure the streaming, internet, and phone experience of 400'000+ users. #bugbounty #ethicalhacking #cybersecurity bugbounty.compass-security.com/bug-bounties...
Many CI/CD tools promise to keep your dependencies up to date - but if misconfigured, they can expose your organization. From token leaks to MR hijacks, Jan's latest blog post shows how bad configuration can turn a security tool into an attack vector. 🛠️💣
blog.compass-security.com/2025/05/reno...
Tired of sifting through Entra ID manually? EntraFalcon is a PowerShell tool that flags risky objects configs & privileged role assignments with ⚡ Scoring model 📊 HTML reports 🔒 No Graph API consent hassle. Get it now: blog.compass-security.com/2025/04/intr...
#EntraID #IAM