Compass Security

1.3K posts

Compass Security

@compasssecurity

Penetration Testing, Red Teaming, Incident Response, Bug Bounty, Security Training, Cyber Range

Rapperswil-Jona, Schweiz Sumali Ekim 2009

113 Sinusundan3.2K Mga Tagasunod

Compass Security@compasssecurity·3d

EntraFalcon update 🚀 The new Security Findings Report turns Entra ID enumeration into actionable findings with 60+ checks and color charts. Read the blog post of Chrigi @ZH938472 and try the tool now on your tenant! blog.compass-security.com/2026/03/from-e… #EntraID #CloudSecurity #EntraFalcon

English

3.1K

Compass Security@compasssecurity·3 Mar

WinGet can be more than a package manager. We show how .winget configs + a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips. blog.compass-security.com/2026/03/winget… #RedTeam #Windows #LOLBins #InitialAccess

English

3.9K

Compass Security@compasssecurity·10 Şub

John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC. blog.compass-security.com/2026/02/from-f… #Windows #CVE #SecurityResearch #PrivEsc

English

Compass Security@compasssecurity·23 Oca

From #Pwn2Own Automotive 2026: Compass vs. Grizzl-E. So awesome! youtube.com/shorts/Dn4VroX… via @YouTube

YouTube

English

477

Compass Security@compasssecurity·21 Oca

2-for-2! 🏆 Huge shoutout to @yves_bieri and Lukasz for clean exploits on the Alpine iLX-F511 and Grizzl-E Smart 40A systems with the Charging Connector Protocol/Signal Manipulation add-on. Couldn’t be prouder of the team for executing perfectly today. Congrats! #Pwn2Own

TrendAI Zero Day Initiative@thezdi

Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

English

1.5K

Compass Security@compasssecurity·20 Oca

How do we keep our security analysts up to date? Our latest blog post looks inside our internal training week, from Kubernetes security to red teaming and our annual Security Boot Camp. blog.compass-security.com/2026/01/contin… #CyberSecurity #Learning #Pentesting #Kubernetes

English

296

Compass Security@compasssecurity·20 Oca

The schedule is out! 🗓️ We’re hitting the stage on January 21st at 12:30 JST (4:30 CET) and at 14:00 JST (6:00 CET). Time to see if all the work in the lab pays off. Wish us luck! #Pwn2Own

TrendAI Zero Day Initiative@thezdi

The full schedule for #Pwn2Own Automotive 2026 is live! 73 entries over three days should keep us hopping. Be sure to stay tuned for al the results #P2OAuto zerodayinitiative.com/blog/2026/1/20…

English

324

Compass Security@compasssecurity·19 Oca

Here we are again! Finally on the ground for #Pwn2Own Automotive in Tokyo. 🏎️💻 Our team is ready, and we’re just waiting for the Tuesday draw to see when we’re up. Big week ahead! Stay tuned! 🛠️🔥

English

677

Compass Security@compasssecurity·18 Ara

Thank you #BugHunters for your relentless curiosity and clean reports that keep our customers #BugBountyProgram sharp. Soon to announce: Switzerland's highest max. #bounty EVER, new programs and budget refills. Stay tuned! For now: shutdown, enjoy the festive season and recharge

English

312

Compass Security@compasssecurity·16 Ara

In a new video, Nicolò Fornari walks through how to fuzz with AFL++, how to pick targets, avoid common pitfalls, and boost effectiveness. Find performance tips, fuzzing theory, and AFL++ internals. youtu.be/L5Tin7m5sbE?si… #security #fuzzing #AFLplusplus #appsec

YouTube

English

5.5K

Compass Security@compasssecurity·2 Ara

New video out! Security analyst John Ostrowski show the hands-on process behind discovering CVE-2025-24076 and CVE-2025-24994 described in our recent blog post. Watch here: youtu.be/YwNcTuHxnAI #security #pentest #windowsinternals #vulnresearch

YouTube

English

2.5K

Compass Security@compasssecurity·26 Kas

NTLM relay works against HTTPS if channel binding is missing. Our new blog post explains why, shows how tooling evolved, and highlights defensive measures. blog.compass-security.com/2025/11/ntlm-r…

English

123

8.9K

Compass Security@compasssecurity·20 Kas

The #Blackalps25 Treasure Hunt is ready! Stop by our booth and grab your chance to be a Treasure Hunt Champion & win.

English

302

Compass Security@compasssecurity·19 Kas

We’re heading to #Blackalps25! 👉 November 20/21, Yverdon-les-Bains 🇨🇭 Will you be there? Say hi and take on our adventurous challenge!

English

286

Compass Security@compasssecurity·17 Kas

#Blackalps25 Treasure Hunt coming soon – fast feet & sharp minds win. Think you have what it takes? Stop by our booth.

BlackAlps@BlackAlpsConf

😀We can't wait to unveil the 📖 FULL PROGRAM of #BlackAlps25 today! Out of an impressive 👀 151 submissions from all over the world🌍 the Program Committee coordinated by @Baldanos has selected 17 outstanding talks! ➡️ DISCOVER THE FULL PROGRAM HERE : blackalps.ch/ba-25/program.…

English

646

Compass Security@compasssecurity·4 Kas

Want to understand how Windows handles authentication and access tokens? Security analyst @emanuelduss explains how they’re created, used, and abused - with live demos. 🎥Presentation: youtu.be/_ODdwpxXRR4?si… #Security #Pentest #WindowsInternals

YouTube

English

2.9K

Compass Security@compasssecurity·22 Eki

🎉Success. Our #Pwn2own team combined #zeroday bugs to remotely #exploit @home_assistant green which earned them $20'000 and 4 pts. Congratz to @bcyrill Emanuele, Lukasz @muukong and @yves_bieri. Respect to @stephenfewer (@rapid7) and @_mccaulay (@SummoningTeam) for their wins.

English

2.4K

Compass Security@compasssecurity·21 Eki

. #Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @PortSwigger @Burp_Suite extension developed by our @muukong that makes #gRPC-Web traffic readable and editable, even in the absence of #protobuf schema files. blog.compass-security.com/2025/10/brpc-w…

English

122

6.4K

Compass Security@compasssecurity·21 Eki

@thezdi #Pwn2own schedule is out. Compass folks have been drawn 3rd to exploit the @home_assistant Green for $40,000. 🤞for a #bounty today Tuesday Oct 21st, 5pm (Swiss time). #ethicalhacking cc @hass_devs Schedule: zerodayinitiative.com/blog/2025/20/p…

English

169

Compass Security@compasssecurity·20 Eki

Heading to Cork for #Pwn2Own Ireland 🇮🇪. Watch the live draw at 15:00 (Swiss time) to see which target we’ll be taking on 👀🔗 linkedin.com/events/pwn2own…

English

927

Tuklasin

@ZH938472 @YouTube @yves_bieri @emanuelduss @home_assistant @bcyrill @muukong @stephenfewer