In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis.| blog.compass-security.com
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]| Compass Security Blog
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According the the official Microsoft page over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day IT infrastructure. However, as more and more companies migrate to cloud or cloud-local hybrid infrastructure, the security risks that ...| blog.compass-security.com
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. In our field, LinkedIn is often used to gather a lot of information about a company during a red teaming assessment or social e...| blog.compass-security.com
https://docs.renovatebot.com/assets/images/mend-renovate-cli-banner.jpgRenovate is an OSS CLI/bot that updates your software dependencies automatically. It is usually integrated into the CI/CD process and runs on a schedule. It will create a Pull Request / Merge Request (PR/MR) to your repository with dependency updates. It can optionally auto-merge them. If you host it for several repositories or an organization, it can auto-discover new projects and create an onboarding MR/PR, which introd...| blog.compass-security.com
Depending on the customer’s preference, possible initial access vectors in our red teaming exercises typically include deployment of dropboxes, (device code) phishing or a stolen portable device. The latter is usually a Windows laptop protected by BitLocker for full disk encryption without pre-boot authentication i.e. without a configured PIN or an additional key file. While […]| Compass Security Blog
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations.| blog.compass-security.com
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop provided was being treated as a thin client, where the laptop is mainly used to access a remote desktop and use the browser with no additional software installed.| blog.compass-security.com
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often.| blog.compass-security.com
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]| Compass Security Blog
The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors with a technique called “Domain Fronting Detection”. But what exactly is domain fronting? This will be explained in this blog post.| blog.compass-security.com
In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.| blog.compass-security.com
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part.| blog.compass-security.com
Don’t we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit?| blog.compass-security.com
TLDR: Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.| blog.compass-security.com
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and explains how you can use them effectively to analyze your Active Directory infrastructure.| blog.compass-security.com
Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our customers. Some of the customers have their own Blue Team, others use an external provider for this service. Sometimes it is a mix, where an external company supports the internal Blue Team in its daily tasks.| blog.compass-security.com
Introduction| blog.compass-security.com
SAML Raider [0] is a Burp Suite [1] extension and the tool of choice for many pentesters for testing SAML infrastructures, recommended by many pentesting sites and blog posts. Originally developed by Roland Bischofberger [2] and Emanuel Duss [3] as part of their bachelor thesis, the last version (v1.4.1) was released two years ago. As a former software developer, I wanted to bring my experience to this useful piece of software and give you confirmation that this product is still being maintai...| blog.compass-security.com
TL;DR Release of Conkeyscan – A Confluence Keyword/Secret Scanner, which is tailored towards pentesters.| blog.compass-security.com
Introduction| blog.compass-security.com