cybrz
cybrz.bsky.social
Master of Disaster @compass-security.com 🔥 for all sorts of crises, scada, chunk hacking, electronics, cryptography and cyber all the things.
Reposted by cybrz
🧭 Navigation complete! The team from Compass Security just charted a course straight into @home_assistant Green at #Pwn2Own. They head off to the disclosure room to spill how they did it. #P2OIreland
October 21, 2025 at 3:28 PM
Reposted by cybrz
#Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @portswigger.net @burpsuite.bsky.social extension developed by our @muukong.bsky.social that helps manipulate #gRPC-Web traffic, even in absence of #protobuf schemas. blog.compass-security.com/2025/10/brpc...
October 21, 2025 at 11:38 AM
Reposted by cybrz
@thezdi.bsky.social #Pwn2own schedule is out. Compass folks have been drawn 3rd to exploit the @home-assistant.io Green for $40,000. 🤞 for a #bounty today, Tuesday Oct 21st, 5pm (Swiss time). #ethicalhacking

Schedule www.zerodayinitiative.com/blog/2025/20...
Zero Day Initiative — Pwn2Own Ireland 2025: The Full Schedule
October 21, 2025 at 6:13 AM
Reposted by cybrz
The final episode of our Kerberos deep dive is live!

RBCD opens new attack paths in Kerberos. Learn how misconfigs enable privilege escalation and how to defend.

youtu.be/l97RDnzdrXY?...

#Kerberos #ActiveDirectory
Kerberos Deep Dive Part 6 - Resource-Based Constrained Delegation
September 18, 2025 at 5:19 AM
Reposted by cybrz
Episode 5 of our Kerberos deep dive is live. Constrained delegation isn’t bulletproof. See how attackers exploit it, and how to defend with monitoring & best practices.

youtu.be/rnhr02eKU0I?...

#Kerberos #ActiveDirectory
Kerberos Deep Dive Part 5 - Constrained Delegation
September 16, 2025 at 6:55 AM
Reposted by cybrz
Episode 4 of our Kerberos deep dive is live. Unconstrained delegation can expose critical credentials. Learn how attackers abuse it, and how to lock down your systems.

youtu.be/_6FYZRTJQ-s?...

#Kerberos #ActiveDirectory
Kerberos Deep Dive Part 4 - Unconstrained Delegation
September 11, 2025 at 5:52 PM
Reposted by cybrz
Episode 3 of our Kerberos deep dive is live. AS-REP Roasting abuses accounts without pre-auth. Learn the risks, how attackers exploit it, and how to defend.

youtu.be/56BjmyOTN5o?...

#Kerberos #ActiveDirectory
Kerberos Deep Dive Part 3 - AS-REP Roasting
September 9, 2025 at 1:22 PM
Reposted by cybrz
We use @jameskettle.com Burp extension Collaborator Everywhere daily. Now our upgrades are in v2: customizable payloads, storage, visibility. Perfect for OOB bugs like SSRF.

Find out more here: blog.compass-security.com/2025/09/coll...

#AppSec #BurpSuite #Pentesting
September 9, 2025 at 11:54 AM
Reposted by cybrz
Episode 2 of our Kerberos deep dive is live.

Kerberoasting lets attackers steal AD service account credentials. See how it works and how to protect your systems: youtu.be/PhNspeJ0r-4?...

#Kerberos #ActiveDirectory
Kerberos Deep Dive Part 2 - Kerberoasting
September 4, 2025 at 7:39 AM
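The two posts above (Part 2 on Kerberoasting, Part 3 on AS-REP Roasting) name the two account properties the attacks depend on: a service principal name on a user account, and pre-authentication switched off. The following is an added example, not code from Compass Security or from the videos: a small triage routine that walks over user records shaped like the LDAP attributes an AD query returns (sAMAccountName, userAccountControl, servicePrincipalName, adminCount, pwdLastSet) and flags the accounts an attacker could roast, ranking privileged and stale-password service accounts higher. The records below are constructed for the example; the domain names and account names are made up.

```python
"""Flag accounts exposed to AS-REP Roasting or Kerberoasting.

Added example (not Compass Security's code). Input records mimic the
LDAP attributes of AD user objects; in a real assessment they would come
from an LDAP search against a domain controller (assumption).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# userAccountControl flag bits as documented for Active Directory.
ACCOUNTDISABLE = 0x0002
DONT_REQ_PREAUTH = 0x400000

# pwdLastSet is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


@dataclass(frozen=True)
class Finding:
    account: str
    issue: str      # "AS-REP Roastable" or "Kerberoastable"
    severity: str   # "high" or "medium"
    reason: str


def triage(accounts: List[Dict], now: datetime, max_pw_age_days: int = 365) -> List[Finding]:
    """Return roastable accounts, highest severity first, then by name."""
    findings: List[Finding] = []
    for acct in accounts:
        sam = acct["sAMAccountName"]
        uac = acct.get("userAccountControl", 0)
        if uac & ACCOUNTDISABLE:
            continue  # the KDC issues no tickets for disabled accounts
        if sam.endswith("$") or sam.lower() == "krbtgt":
            # Machine accounts rotate long random passwords; krbtgt always
            # carries kadmin/changepw and is handled by its own procedure.
            continue

        privileged = acct.get("adminCount", 0) == 1
        pwd_set = acct.get("pwdLastSet", 0)
        pwd_age: Optional[int] = (now - filetime_to_datetime(pwd_set)).days if pwd_set else None
        stale = pwd_age is not None and pwd_age > max_pw_age_days

        if uac & DONT_REQ_PREAUTH:
            # AS-REP Roasting: anyone can request an AS-REP for this account
            # and crack the encrypted part offline, no credentials needed.
            findings.append(Finding(sam, "AS-REP Roastable", "high",
                                    "pre-authentication disabled"))
        if acct.get("servicePrincipalName"):
            # Kerberoasting: any domain user can request a service ticket
            # for the SPN; the ticket is encrypted with the account's key.
            if privileged:
                sev, why = "high", "privileged account (adminCount=1) with SPN"
            elif stale:
                sev, why = "high", f"SPN and password {pwd_age} days old"
            else:
                sev, why = "medium", "SPN on user account"
            findings.append(Finding(sam, "Kerberoastable", sev, why))

    rank = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (rank[f.severity], f.account))


# Constructed sample data (not real directory content).
NOW = datetime(2025, 9, 4, tzinfo=timezone.utc)


def _ft(year: int, month: int, day: int) -> int:
    return datetime_to_filetime(datetime(year, month, day, tzinfo=timezone.utc))


SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_sql", "userAccountControl": 0x10200,
     "servicePrincipalName": ["MSSQLSvc/sql01.corp.example:1433"], "pwdLastSet": _ft(2019, 3, 1)},
    {"sAMAccountName": "svc_web", "userAccountControl": 0x10200, "adminCount": 1,
     "servicePrincipalName": ["HTTP/web01.corp.example"], "pwdLastSet": _ft(2025, 6, 1)},
    {"sAMAccountName": "svc_backup", "userAccountControl": 0x10200,
     "servicePrincipalName": ["backup/bk01.corp.example"], "pwdLastSet": _ft(2025, 6, 1)},
    {"sAMAccountName": "legacy.app", "userAccountControl": 0x410200, "pwdLastSet": _ft(2025, 8, 1)},
    {"sAMAccountName": "jdoe", "userAccountControl": 0x200, "pwdLastSet": _ft(2025, 8, 1)},
    {"sAMAccountName": "svc_old", "userAccountControl": 0x202,
     "servicePrincipalName": ["CIFS/old01.corp.example"], "pwdLastSet": _ft(2018, 1, 1)},
    {"sAMAccountName": "WS01$", "userAccountControl": 0x1000,
     "servicePrincipalName": ["HOST/WS01"], "pwdLastSet": _ft(2025, 8, 20)},
    {"sAMAccountName": "krbtgt", "userAccountControl": 0x202,
     "servicePrincipalName": ["kadmin/changepw"], "pwdLastSet": _ft(2024, 1, 1)},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ACCOUNTS, NOW):
        print(f"{f.severity:6} {f.issue:17} {f.account:12} {f.reason}")
```

On the sample set the routine reports legacy.app (pre-auth disabled), svc_sql (stale password) and svc_web (adminCount=1) as high, svc_backup as medium, and skips the disabled, machine and krbtgt accounts. The same filters map directly onto an LDAP query (userAccountControl bitwise match on 0x400000, and servicePrincipalName=* with objectCategory=person), which is how the check would be run against a live domain.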
Reposted by cybrz
Kerberos powers auth in Windows and hides big security risks. We’re launching a 6-part deep dive: from protocol basics to attacks plus how to stop them.

Starts today → blog.compass-security.com/2025/09/tami... → Subscribe to our channel!

#Kerberos #ActiveDirectory
September 3, 2025 at 6:39 AM
Reposted by cybrz
Calling all bug hunters! schulNetz by Centerboard AG is now in scope! Help protect over 100k users in schools. Are you ready to make the grade and earn bounties? Program: bugbounty.compass-security.com/bug-bounties... #bugbounty #cybersecurity #ethicalhacking
September 1, 2025 at 7:47 AM
Reposted by cybrz
Passwords are dead, long live passkeys! 🔑

In our latest blog, we go hands-on: real-life setups, plus tips for recovery and avoiding pitfalls.

blog.compass-security.com/2025/08/into...

#Passkeys #CyberSecurity #Authentication
August 26, 2025 at 9:48 AM
Burp Collaborator just got a bunch of new features. Credits go to our @compass-security.com Basel team member, Andreas 🙏
We've just released a massive update to Collaborator Everywhere! This is a complete rewrite by @compass-security.com which adds loads of features including in-tool payload customization. Massive thanks to Compass for this epic project takeover. Check out the new features:
July 15, 2025 at 6:29 AM
Reposted by cybrz
LLM-based vuln hunting just leveled up with xvulnhuntr - a fork of vulnhuntr with support for: C#, Java, Go. Read @rationalpsyche.bsky.social's blog post and go grab the project on GitHub.
blog.compass-security.com/2025/07/xvul...
July 8, 2025 at 8:41 AM
Reposted by cybrz
Excited to talk today at @reconmtl.bsky.social with @droethlisberger.bsky.social about a 2017 iOS persistence exploit used by NSO's Pegasus (and, interestingly, other threat actors too)! 10:00AM in the Grand Salon cfp.recon.cx/recon-2025/t...
June 29, 2025 at 1:45 PM
Reposted by cybrz
Exploiting the @ubiquiti.bsky.social AI Bullet camera for #Pwn2Own made us sweat more than once.
But persistence paid off. Our detailed blog post is now live: blog.compass-security.com/2025/06/pwn2...

#penetrationtest #pentest #iot #embedded #cybersecurity
www.compass-security.com/en/services/...
June 26, 2025 at 2:38 PM
Reposted by cybrz
Thrilled for #TROOPERS25 Thursday! Emanuele & @yvesbieri.bsky.social share #Pwn2Own wins on #surveillance cams. Method, #exploit, lessons. Drop in, trade war-stories!

Talk: troopers.de/troopers25/t...
Compass pentest: www.compass-security.com/en/services/... #cybersecurity #iot #hw #fw #ot
June 25, 2025 at 5:59 AM
Reposted by cybrz
Primate traits run deep at Teleboy: smart, curious, and always evolving. If that sounds like you, challenge the boundaries of their infra and secure the streaming, internet, and phone experience of 400'000+ users. #bugbounty #ethicalhacking #cybersecurity bugbounty.compass-security.com/bug-bounties...
June 2, 2025 at 7:41 AM
Reposted by cybrz
Many CI/CD tools promise to keep your dependencies up to date - but if misconfigured, they can expose your organization. From token leaks to MR hijacks, Jan's latest blog post shows how bad configuration can turn a security tool into an attack vector. 🛠️💣

blog.compass-security.com/2025/05/reno...
May 27, 2025 at 7:25 AM
Reposted by cybrz
Tired of sifting through Entra ID manually? EntraFalcon is a PowerShell tool that flags risky objects, configs & privileged role assignments with ⚡ Scoring model 📊 HTML reports 🔒 No Graph API consent hassle. Get it now: blog.compass-security.com/2025/04/intr...
#EntraID #IAM
April 29, 2025 at 11:09 AM
Reposted by cybrz
3 milliseconds to admin. Our analyst John Ostrowski turned a DLL hijacking into a reliable local privilege escalation on Windows 11. He chained opportunistic locks and API hooking to win the race to CVE-2025-24076 & CVE-2025-24994. Read his blog post: blog.compass-security.com/2025/04/3-mi...
April 15, 2025 at 9:00 AM
The seasoned IT crowd among us might remember the SETI (search for extraterrestrial intelligence) project screensaver and client software… BOINC is the platform beneath it and is used for the distributed computing approach. 😎
March 27, 2025 at 6:16 PM
Reposted by cybrz
Dear #bughunter, gear up! dEURO launches its program. Hunt for vulnerabilities, secure the oracle-free #stablecoin, and get rewarded. #API, mobile apps and Solidity contracts in scope. Max. bounty at CHF 10'000. Ready to mint your victory? 🚀 #DeFi bugbounty.compass-security.com/bug-bounties...
March 26, 2025 at 1:15 PM
Reposted by cybrz
No system is perfect!

In part 4 of his blog series, @emanuelduss.ch shows how detection mechanisms of web filters can be bypassed: blog.compass-security.com/2025/03/bypa...

#pentest #network
March 20, 2025 at 9:49 AM
Reposted by cybrz
Avoid LDAP monitoring by leveraging local registry data with certipy parse! Check out our latest pull request and read Marc Tanner’s (@brain-dump.org) blog post: blog.compass-security.com/2025/02/stea...
February 11, 2025 at 12:28 PM