Compass Security Blog

Continuous Learning – Inside our Internal Security Training

Over the course of 2025, we performed several hundred security assessments for our clients. In each of these, security analysts must understand a new environment and often work with unfamiliar technologies. Even for well-known technologies, things change rapidly. Quick learning and adaptability are essential skills.

To keep our security analysts sharp and up to date, we regularly attend security conferences, external courses and trainings but also organize internal sessions. It has become a tradition for us to spend the first week of January learning new things, starting the year improving our know-how.

NTLM Relaying to HTTPS

November 26, 2025 / Sylvain Heiniger / 0 Comments

NTLM is the legacy authentication protocol in Windows environment. In the past few years, I’ve had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL. Today I will look back on relaying to HTTPS and how the tooling improved.

bRPC-Web: A Burp Suite Extension for gRPC-Web

October 21, 2025 / Urs Müller / 0 Comments

The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.

This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.

LockBit Breach: Insights From a Ransomware Group’s Internal Data

October 7, 2025 / Andreas Arnold / 0 Comments

Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked.

Now, let’s be honest: the dataset is way too small to make any solid statistical claims. Having said that, let’s make some statistical claims!

Ensuring NIS2 Compliance: The Importance of Penetration Testing

September 23, 2025 / Stephan Sekula / 0 Comments

The Network and Information Security Directive 2 (NIS2) is the European Union’s latest framework for strengthening cyber security resilience across critical sectors.

If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.

Collaborator Everywhere v2

September 9, 2025 / Andreas Brombach / 0 Comments

Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks.

We developed an upgrade to the existing extension with several new exiting features. Payloads can now be edited, interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.

Taming The Three-Headed Dog -Kerberos Deep Dive Series

September 2, 2025 / Alex Joss / 0 Comments

Kerberos is the default authentication protocol in on-prem Windows environments. We’re launching a 6-part YouTube series, a technical deep dive into Kerberos. We’ll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.

Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases

August 26, 2025 / Cyrill Brunschwiler / 1 Comment

In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they’re a strong alternative to passwords. Today, we’ll show how passkeys are used in the real world – by everyday users and security professionals alike.

xvulnhuntr

July 8, 2025 / Nicolo Fornari / 2 Comments

In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]

The disassembeled Ubiquiti AI Bullet camera

Pwn2Own Ireland 2024 – Ubiquiti AI Bullet

June 26, 2025 / Yves Bieri / 0 Comments

Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]

Offensive Defense