
Compass Security

@compass-security.com

Penetration Testing, Red Teaming, Incident Response, Managed Detection, Digital Forensics, Security Training, Managed Bug Bounty, Cyber Training Range

447 Followers · 1,037 Following · 74 Posts · Joined 21.11.2024

Latest posts by Compass Security @compass-security.com


WinGet can be more than a package manager. We show how .winget configs + a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips.
blog.compass-security.com/2026/03/wing...
#RedTeam #Windows #LOLBins #InitialAccess

03.03.2026 16:15

John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC.

blog.compass-security.com/2026/02/from...

#Windows #CVE #SecurityResearch #PrivEsc

10.02.2026 08:33

A night full of exciting happenings. Compass #Pwn2Own team chained zero-days to run code on the Canada-built Grizzl-E Smart level 2 charger. Colleagues also demoed the manipulation of the charging control protocol. Well-earned 25'000 USD!

21.01.2026 06:31

We have exciting news to share. Compass folks made the Alpine car infotainment system run arbitrary code and earned 10'000 USD. 🎉🎉🎉

21.01.2026 06:22

Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

21.01.2026 04:16

How do we keep our security analysts up to date?
Our latest blog post looks inside our internal training week, from Kubernetes security to red teaming and our annual Security Boot Camp.

blog.compass-security.com/2026/01/cont...

#CyberSecurity #Learning #Pentesting #Kubernetes

20.01.2026 13:34

Preview: Zero Day Initiative — Pwn2Own Automotive 2026 - The Full Schedule. おかえりなさい (Welcome back!) The third annual Pwn2Own Automotive competition has returned to Automotive World in Tokyo, and the excitement is building. This year marks a major milestone for Pwn2Own, with...

The schedule is out! 🗓️ We're hitting the stage on January 21st at 12:30 JST (4:30 CET) and at 14:00 JST (6:00 CET). Time to see if all the work in the lab pays off. Wish us luck! #Pwn2Own

www.zerodayinitiative.com/blog/2026/1/...

20.01.2026 12:46

Here we are again! Finally on the ground for #Pwn2Own Automotive in Tokyo 🏎️💻 Our team is ready, and we're just waiting for the Tuesday draw to see when we're up. Big week ahead! Stay tuned! 🛠️🔥

19.01.2026 08:56

co//aboration… ftw! Thanks for the kudos!

17.01.2026 21:05

The final stage would not have been possible without John Ostrowski from @compass-security.com. Thanks for the Swiss infosec collaboration! 🫕🤝

17.01.2026 13:36

co//aboration… ftw. Thanks for the kudos!

16.01.2026 15:03

Thank you #BugHunters for your relentless curiosity and clean reports that keep our customers' #BugBountyProgram sharp.

Soon to announce: Switzerland's highest max. bounty ever, new programs and budget refills. Stay tuned! For now: shut down, enjoy the festive season and recharge.

18.12.2025 12:43

Fuzzing and AFL++ (YouTube video by Compass Security)

In a new video, Nicolò @rationalpsyche.bsky.social walks through how to fuzz with AFL++, how to pick targets, avoid common pitfalls, and boost effectiveness. Find performance tips, fuzzing theory, and AFL++ internals.

Watch here: youtu.be/L5Tin7m5sbE?...

#security #fuzzing #AFLplusplus #appsec

16.12.2025 08:38

300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (YouTube video by Compass Security)

New video out!

Security analyst John Ostrowski shows the hands-on process behind discovering CVE-2025-24076 and CVE-2025-24994, described in our recent blog post.

Watch here: youtu.be/YwNcTuHxnAI

#security #pentest #windowsinternals #vulnresearch

02.12.2025 09:45

NTLM relay works against HTTPS if channel binding is missing. Our new blog post explains why, shows how tooling evolved, and highlights defensive measures.

blog.compass-security.com/2025/11/ntlm...

26.11.2025 09:53

Windows Access Tokens - From Authentication to Exploitation (YouTube video by Compass Security)

Want to understand how Windows handles authentication and access tokens? Security analyst @emanuelduss.ch explains how they're created, used, and abused - with live demos.

🎥 Presentation: youtu.be/_ODdwpxXRR4?...

#Security #Pentest #WindowsInternals

04.11.2025 12:37

🎉 Success. Our #Pwn2own team combined #zeroday bugs to #exploit @home-assistant.io green which earned them $20'000 and 4 pts. Congratz to @bcyrill.bsky.social Emanuele, Lukasz @muukong.bsky.social and @yvesbieri.bsky.social.

Respect to @stephenfewer.bsky.social and the Summoning Team for the wins.

22.10.2025 07:57

So proud. Congratz. This is pwntastic!

21.10.2025 17:14

🧭 Navigation complete! The team from Compass Security just charted a course straight into @home_assistant Green at #Pwn2Own. They head off to the disclosure room to spill how they did it. #P2OIreland

21.10.2025 15:28

#Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @portswigger.net @burpsuite.bsky.social extension developed by our @muukong.bsky.social that helps manipulate #gRPC-Web traffic, even in the absence of #protobuf schemas. blog.compass-security.com/2025/10/brpc...

21.10.2025 11:38

Preview: Zero Day Initiative — Pwn2Own Ireland 2025: The Full Schedule. Welcome to Pwn2Own Ireland 2025! We have some amazing spooky entries for this year's contest, and a potential of up to $2,000,000 - including our largest ever single prize for a 0-click in WhatsApp fo...

@thezdi.bsky.social #Pwn2own schedule is out. Compass folks have been drawn 3rd to exploit the @home-assistant.io Green for $40,000. 🤞 for a #bounty today Tuesday Oct 21st, 5pm (Swiss time). #ethicalhacking

Schedule www.zerodayinitiative.com/blog/2025/20...

21.10.2025 06:13

Heading to Cork for #Pwn2Own Ireland 🇮🇪. Watch the live draw at 15:00 (Swiss time) to see which target we'll be taking on 👀🔗 www.linkedin.com/events/pwn2o...

20.10.2025 09:51

Vulnerability in FortiProxy: Security analyst Emanuel Duss identified a vulnerability in FortiProxy.

Learn about a FortiProxy Domain Fronting Protection bypass discovered by our analyst @emanuelduss.ch. Details in the advisory: www.compass-security.com/en/news/deta...

Curious how web filters are evaded? Read his blog series: blog.compass-security.com/2025/03/bypa...

#cve #pentest #bypass

15.10.2025 11:03

The leaked LockBit chats give a rare inside look at ransomware ops.

Read our blog for an analysis and lessons for defenders: blog.compass-security.com/2025/10/lock...

#CyberSecurity #Ransomware #LockBit

07.10.2025 07:36

NIS2 means stricter rules and steep fines.

Penetration testing is key to proving compliance & improving security, uncovering flaws before attackers do.

Our latest blog explains why you need it now: blog.compass-security.com/2025/09/ensu...

#CyberSecurity #NIS2 #Pentesting

23.09.2025 11:19

Kerberos Deep Dive Part 6 - Resource-Based Constrained Delegation (YouTube video by Compass Security)

The final episode of our Kerberos deep dive is live!

RBCD opens new attack paths in Kerberos. Learn how misconfigs enable privilege escalation and how to defend.

youtu.be/l97RDnzdrXY?...

#Kerberos #ActiveDirectory

18.09.2025 05:19

Kerberos Deep Dive Part 5 - Constrained Delegation (YouTube video by Compass Security)

Episode 5 of our Kerberos deep dive is live. Constrained delegation isn't bulletproof. See how attackers exploit it, and how to defend with monitoring & best practices.

youtu.be/rnhr02eKU0I?...

#Kerberos #ActiveDirectory

16.09.2025 06:55

Kerberos Deep Dive Part 4 - Unconstrained Delegation (YouTube video by Compass Security)

Episode 4 of our Kerberos deep dive is live. Unconstrained delegation can expose critical credentials. Learn how attackers abuse it, and how to lock down your systems.

youtu.be/_6FYZRTJQ-s?...

#Kerberos #ActiveDirectory

11.09.2025 17:52