Compass Security Blog

Offensive Defense

bRPC-Web: A Burp Suite Extension for gRPC-Web

October 21, 2025 / / 0 Comments

The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.

This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.

Continue reading

Pwn2Own Toronto 2023: Part 5 – The Exploit

March 29, 2024 / / 0 Comments

In this final part of this series, we are finally going to explain how the stack-based buffer overflow vulnerability can be exploited to gain unauthenticated remote code execution (RCE) on the Synology BC500 camera.

Continue reading

Microsoft BitLocker Bypasses are Practical

February 13, 2024 / / 1 Comment

In this blog article, we would like to share key insights from the “Defeating Microsoft’s Default BitLocker Implementation” security training by Hands-On Security and emphasize the potential risks and consequences associated with this attack technique. Our target audience includes businesses looking to safeguard sensitive data on their Windows devices, as well as individuals with an elevated requirement for protecting their data.

Continue reading

© 2025 Compass Security Blog

Up ↑