In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.
Compass Security Blog
Offensive Defense
Page 2 of 2
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part.
The first part is about how SNI spoofing can be used to bypass web filters.
Don’t we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit?
What if all this could be over soon?
Welcome to Passkeys!
Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and explains how you can use them effectively to analyze your Active Directory infrastructure. TL;DR: Check out our new BloodHound CE custom queries! Active Directory and BloodHound The majority of our customers run a Microsoft Active Directory infrastructure, either exclusively on-prem or […]
Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our customers.
Particularly after Purple Teaming exercises involving external providers, we often see a mismatch between the customer’s expectations and the service provided.
This blog post attempts to summarize how to prevent the most prevalent issues with a managed security service as early as possible.
© 2025 Compass Security Blog