Compass Security Blog

Offensive Defense

Page 3 of 3

Pwn2Own Toronto 2023: Part 1 – How it all started

Around a year ago a few Compass analysts watched a talk at the Insomni’Hack conference about the Pwn2Own contest.

This is when they decided to take part! In this blog post, they talk about how they picked their target, got the firmware from the camera, and got into the shell.

Continue reading

Manipulating LLMs – How to confuse ChatGPT

What are LLMs LLMs (Large Language Models) are language models with a large number of parameters. These parameters are the model’s variables, which it learns during training. Typically, this training is unsupervised learning on a large data set, during which the algorithm tries to find patterns in the provided data. The more it learns, the […]

Continue reading

Luring the Threat: Lessons from ICS Honeypots in Ukraine and Germany

In today’s interconnected world, it is a well-known fact that systems with Internet exposure are under continual threat of cyber-attacks. This risk extends from private websites to corporate infrastructure. With the increasing modernization of Industrial Control Systems (ICS), these vital components also become more exposed to such threats. But what is the extent and nature […]

Continue reading

Microsoft BitLocker Bypasses are Practical

In this blog article, we would like to share key insights from the “Defeating Microsoft’s Default BitLocker Implementation” security training by Hands-On Security and emphasize the potential risks and consequences associated with this attack technique. Our target audience includes businesses looking to safeguard sensitive data on their Windows devices, as well as individuals with an elevated requirement for protecting their data.

Continue reading

Device Code Phishing – Add Your Own Sign-In Methods on Entra ID

TL;DR An attacker is able to register new security keys (FIDO) or other authentication methods (TOTP, Email, Phone etc.) after a successful device code phishing attack. This allows an attacker to backdoor the account (FIDO) or perform the self-service password reset for the account with the newly registered sign-in methods. Microsoft deemed this not a vulnerability.

Continue reading

Microsoft Teams Covert Channels Research

With the rise of remote working, Microsoft Teams has become the de-facto standard for video conferences, chat, and collaboration. The nature of the Teams architecture are some central systems that route information between parties. With that comes that Teams client software must be allowed to communicate to the Internet. Microsoft even recommends letting Teams traffic bypass inspection proxies for compatibility reasons. Its network communication pattern has significant overlap with malicious C2 traffic und thus it is nearly impossible for blue teams to spot adversary communication. Therefore, Teams is an interesting candidate to be abuses for C2 traffic. Thus, we put some research into this.

Continue reading

Newer posts »