Compass Security

1.3K posts

Compass Security

@compasssecurity

Penetration Testing, Red Teaming, Incident Response, Bug Bounty, Security Training, Cyber Range

Rapperswil-Jona, Schweiz Katılım Ekim 2009

113 Takip Edilen3.4K Takipçiler

Compass Security@compasssecurity·13h

Compass vulnerability research identified code execution paths affecting AI coding assistants including @claudeai , @cursor_ai and @OpenAI #Codex. The findings will be demonstrated live at @thezdi Initiative #Pwn2Own Berlin 2026, May 14 to 16. #AIsecurity #LLM

English

457

Compass Security@compasssecurity·2d

🦖 Meet RAPTR: our new open source platform for red and purple team collaboration. Plan engagements, document attacks and detections, evaluate results, and generate reports, all API-driven. Beta is live, feedback welcome! #PurpleTeam blog.compass-security.com/2026/05/introd…

English

648

Compass Security@compasssecurity·28 Nis

Tabletop exercises show how incident response processes fall apart under pressure, far beyond what any plan suggests. Here we share key lessons from real TTX sessions: failures in communication, decision-making, structure, and human factors. blog.compass-security.com/2026/04/tablet…

English

4.7K

Compass Security@compasssecurity·14 Nis

The final part of our Entra ID blog series looks at common Conditional Access weaknesses, practical attack scenarios, and how to identify such issues with EntraFalcon. blog.compass-security.com/2026/04/common…

English

4.8K

Compass Security@compasssecurity·9 Nis

Your CI/CD pipeline might be your weakest link. @marcandretanner shows how exposed secrets, misconfigured runners and cross-cloud trust relationships can be abused to pivot from GitLab into AD and Entra ID. Don't miss it 👉April 14, 1:15 pm at @SpecterOps' #SOCON2026

SpecterOps@SpecterOps

GitLab is a prime DevOps target for attackers—IP, supply chain risk, & access to connected systems. 🎯 At #SOCON2026, @marcandretanner shows how an OpenGraph GitLab collector uncovers hybrid attack paths across CI/CD, service accounts, AD & Entra ID. ➡️ ghst.ly/socon26-tw

English

742

Compass Security@compasssecurity·7 Nis

Part 3 of our Entra ID blog series looks at common weak PIM configurations, practical abuse scenarios, and how to identify them with EntraFalcon: blog.compass-security.com/2026/04/common…

English

130

8.5K

Compass Security@compasssecurity·1 Nis

🏃‍♂️Time for a security workout. Sanitas is launching its #bugbounty program and inviting ethical hackers to help keep its digital healthcare services in peak condition. Hunt vulnerabilities and help protect critical healthcare systems: bugbounty.compass-security.com/bug-bounties/s…

English

412

Compass Security retweetledi

Area41 Security Con@a41con·20 Mar

✨ We’re excited to welcome @compasssecurity as a Platinum Sponsor for the AREA41 security conference 2026 🛸 👽 Thank you for supporting the infosec community‼️ ➡️ Check them out at: compass-security.com 📅 June 18-19. 2026, Zürich - area41.io

English

544

Compass Security@compasssecurity·31 Mar

Unprotected groups in Entra ID can lead to privilege escalation. Part 2 of our 4-part series shows how weakly protected groups can be abused to bypass controls, gain privileged access, and lead to full compromise—and how to detect this with EntraFalcon: blog.compass-security.com/2026/03/common…

English

158

42.1K

Compass Security@compasssecurity·24 Mar

Foreign enterprise apps can expose your Entra ID tenant. Today, we release part 1 of our 4-part weekly series on common Entra ID pitfalls and how to detect them with EntraFalcon. Learn how external apps can lead to data access or worse: blog.compass-security.com/2026/03/common…

English

157

Compass Security@compasssecurity·17 Mar

EntraFalcon update 🚀 The new Security Findings Report turns Entra ID enumeration into actionable findings with 60+ checks and color charts. Read the blog post of Chrigi @ZH938472 and try the tool now on your tenant! blog.compass-security.com/2026/03/from-e… #EntraID #CloudSecurity #EntraFalcon

English

3.4K

Compass Security@compasssecurity·3 Mar

WinGet can be more than a package manager. We show how .winget configs + a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips. blog.compass-security.com/2026/03/winget… #RedTeam #Windows #LOLBins #InitialAccess

English

4.1K

Compass Security@compasssecurity·10 Şub

John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC. blog.compass-security.com/2026/02/from-f… #Windows #CVE #SecurityResearch #PrivEsc

English

5.2K

Compass Security@compasssecurity·23 Oca

From #Pwn2Own Automotive 2026: Compass vs. Grizzl-E. So awesome! youtube.com/shorts/Dn4VroX… via @YouTube

YouTube

English

591

Compass Security@compasssecurity·21 Oca

2-for-2! 🏆 Huge shoutout to @yves_bieri and Lukasz for clean exploits on the Alpine iLX-F511 and Grizzl-E Smart 40A systems with the Charging Connector Protocol/Signal Manipulation add-on. Couldn’t be prouder of the team for executing perfectly today. Congrats! #Pwn2Own

TrendAI Zero Day Initiative@thezdi

Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

English

1.7K

Compass Security@compasssecurity·20 Oca

How do we keep our security analysts up to date? Our latest blog post looks inside our internal training week, from Kubernetes security to red teaming and our annual Security Boot Camp. blog.compass-security.com/2026/01/contin… #CyberSecurity #Learning #Pentesting #Kubernetes

English

345

Compass Security@compasssecurity·20 Oca

The schedule is out! 🗓️ We’re hitting the stage on January 21st at 12:30 JST (4:30 CET) and at 14:00 JST (6:00 CET). Time to see if all the work in the lab pays off. Wish us luck! #Pwn2Own

TrendAI Zero Day Initiative@thezdi

The full schedule for #Pwn2Own Automotive 2026 is live! 73 entries over three days should keep us hopping. Be sure to stay tuned for al the results #P2OAuto zerodayinitiative.com/blog/2026/1/20…

English

390

Compass Security@compasssecurity·19 Oca

Here we are again! Finally on the ground for #Pwn2Own Automotive in Tokyo. 🏎️💻 Our team is ready, and we’re just waiting for the Tuesday draw to see when we’re up. Big week ahead! Stay tuned! 🛠️🔥

English

735

Compass Security@compasssecurity·18 Ara

Thank you #BugHunters for your relentless curiosity and clean reports that keep our customers #BugBountyProgram sharp. Soon to announce: Switzerland's highest max. #bounty EVER, new programs and budget refills. Stay tuned! For now: shutdown, enjoy the festive season and recharge

English

352

Compass Security@compasssecurity·16 Ara

In a new video, Nicolò Fornari walks through how to fuzz with AFL++, how to pick targets, avoid common pitfalls, and boost effectiveness. Find performance tips, fuzzing theory, and AFL++ internals. youtu.be/L5Tin7m5sbE?si… #security #fuzzing #AFLplusplus #appsec

YouTube

English

5.5K

Keşfet

@claudeai @cursor_ai @OpenAI @thezdi @marcandretanner @SpecterOps @ZH938472 @YouTube