Compass Security
@compasssecurity
Penetration Testing, Red Teaming, Incident Response, Bug Bounty, Security Training, Cyber Range
New video out! Security analyst John Ostrowski shows the hands-on process behind discovering CVE-2025-24076 and CVE-2025-24994 described in our recent blog post. Watch here: youtu.be/YwNcTuHxnAI #security #pentest #windowsinternals #vulnresearch
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win...
NTLM relay works against HTTPS if channel binding is missing. Our new blog post explains why, shows how tooling evolved, and highlights defensive measures. blog.compass-security.com/2025/11/ntlm-r…
The #Blackalps25 Treasure Hunt is ready! Stop by our booth and grab your chance to be a Treasure Hunt Champion & win.
We’re heading to #Blackalps25! 👉 November 20/21, Yverdon-les-Bains 🇨🇭 Will you be there? Say hi and take on our adventurous challenge!
#Blackalps25 Treasure Hunt coming soon – fast feet & sharp minds win. Think you have what it takes? Stop by our booth.
😀We can't wait to unveil the 📖 FULL PROGRAM of #BlackAlps25 today! Out of an impressive 👀 151 submissions from all over the world🌍 the Program Committee coordinated by @Baldanos has selected 17 outstanding talks! ➡️ DISCOVER THE FULL PROGRAM HERE : blackalps.ch/ba-25/program.…
Want to understand how Windows handles authentication and access tokens? Security analyst @emanuelduss explains how they’re created, used, and abused - with live demos. 🎥Presentation: youtu.be/_ODdwpxXRR4?si… #Security #Pentest #WindowsInternals
🎉Success. Our #Pwn2own team combined #zeroday bugs to remotely #exploit @home_assistant green which earned them $20'000 and 4 pts. Congratz to @bcyrill Emanuele, Lukasz @muukong and @yves_bieri. Respect to @stephenfewer (@rapid7) and @_mccaulay (@SummoningTeam) for their wins.
. #Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @PortSwigger @Burp_Suite extension developed by our @muukong that makes #gRPC-Web traffic readable and editable, even in the absence of #protobuf schema files. blog.compass-security.com/2025/10/brpc-w…
Heading to Cork for #Pwn2Own Ireland 🇮🇪. Watch the live draw at 15:00 (Swiss time) to see which target we’ll be taking on 👀🔗 linkedin.com/events/pwn2own…
Learn about a FortiProxy Domain Fronting Protection bypass discovered by our analyst @emanuelduss . Details in the advisory: compass-security.com/en/news/detail… Curious how web filters are evaded? Read his blog series: blog.compass-security.com/2025/03/bypass… #cve #pentest #bypass
The leaked LockBit chats give a rare inside look at ransomware ops. Read our blog for an analysis and lessons for defenders: blog.compass-security.com/2025/10/lockbi… #CyberSecurity #Ransomware #LockBit
Excited to be part of #BlackAlps25 Come by our booth. We've got another tricky challenge for you.
🥇GOLD SPONSOR Our deepest gratitude 🙏 to our loyal partner @compasssecurity for joining us for the highly anticipated #BlackAlps25. Meet an impressive 👀team of cybersecurity experts at the booth @sploutchy Detailed PROGRAM in a few days on blackalps.ch/ba-25/
NIS2 means stricter rules and steep fines. Penetration testing is key to proving compliance & improving security, uncovering flaws before attackers do. Our latest blog explains why you need it now: blog.compass-security.com/2025/09/ensuri… #CyberSecurity #NIS2 #Pentesting
The final episode of our Kerberos deep dive is live! RBCD opens new attack paths in Kerberos. Learn how misconfigs enable privilege escalation and how to defend. youtu.be/l97RDnzdrXY?fe… #Kerberos #ActiveDirectory
Kerberos Deep Dive Part 6 - Resource-Based Constrained Delegation
Episode 5 of our Kerberos deep dive is live. Constrained delegation isn’t bulletproof. See how attackers exploit it, and how to defend with monitoring & best practices. youtu.be/rnhr02eKU0I?si… #Kerberos #ActiveDirectory
Kerberos Deep Dive Part 5 - Constrained Delegation
Episode 4 of our Kerberos deep dive is live. Unconstrained delegation can expose critical credentials. Learn how attackers abuse it. And how to lock down your systems. youtu.be/_6FYZRTJQ-s?fe… #Kerberos #ActiveDirectory
Kerberos Deep Dive Part 4 - Unconstrained Delegation
Episode 3 of our Kerberos deep dive is live. AS-REP Roasting abuses accounts without pre-auth. Learn the risks, how attackers exploit it, and how to defend. youtu.be/56BjmyOTN5o?fe… #Kerberos #ActiveDirectory
Kerberos Deep Dive Part 3 - AS-REP Roasting
We use James Kettle’s (@albinowax) Burp extension Collaborator Everywhere daily. Now our upgrades are in v2: customizable payloads, storage, visibility. Perfect for OOB bugs like SSRF. Find out more here: blog.compass-security.com/2025/09/collab… #AppSec #BurpSuite #Pentesting
We’re proud to see our colleague Emanuele on stage at #NullconBerlin2025: 📢 Topic: DHCPwned: Owning Cameras One Lease at a Time ⏰Today at 3.20 p.m.
Episode 2 of our Kerberos deep dive is live. Kerberoasting lets attackers steal AD service account credentials. See how it works and how to protect your systems: youtu.be/PhNspeJ0r-4?fe… #Kerberos #ActiveDirectory
Kerberos Deep Dive Part 2 - Kerberoasting