unSafe.sh - Unsafe
Passkeys
Don’t we all know the hassle of managing loads of passwords, trying to come up with sec...
2025-2-25 08:1:22 | Views: 8
Over Security - Cybersecurity news aggregator - blog.compass-security.com
passwords
passkeys
passkey
phishing
Stealthy AD CS Reconnaissance
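This article presents a stealthy Active Directory Certificate Services (AD CS) enumeration method based on local registry data. By analyzing the certificate template cache in the registry, an attacker can bypass traditional LDAP monitoring, collect sensitive information in a low-privilege environment, and combine it with tools for privilege escalation...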
2025-2-11 08:2:20 | Views: 6
Over Security - Cybersecurity news aggregator - blog.compass-security.com
certipy
ludus
2404182060
3291837554
245906837
BloodHound Community Edition Custom Queries
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and...
2025-1-28 13:31:26 | Views: 6
Over Security - Cybersecurity news aggregator - blog.compass-security.com
bloodhound
github
security
compass
importing
Hitchhiker’s Guide to Managed Security
Over the past few years, we have had the opportunity to conduct several Purple Teaming exer...
2025-1-14 08:2:30 | Views: 6
Over Security - Cybersecurity news aggregator - blog.compass-security.com
purple
tl
clearly
client
A Nifty Initial Access Payload
Red Teaming engagements are “realistic” attack simulations designed to test the security po...
2024-12-17 09:2:12 | Views: 7
Over Security - Cybersecurity news aggregator - blog.compass-security.com
b33f
burp
initializer
software
loaded
Harvesting GitLab Pipeline Secrets
TLDR: Scan GitLab job logs for credentials using https://github.com/CompassSecurity/pipele...
2024-12-3 16:1:39 | Views: 3
Over Security - Cybersecurity news aggregator - blog.compass-security.com
compass
gitlab
artifact
18t10
pipeleak
A Look Back: Insights from Our Managed Bug Bounty Program
Introduction: At Compass Security, we are proud to offer a fully managed bug bounty progr...
2024-11-21 22:1:25 | Views: 8
Over Security - Cybersecurity news aggregator - blog.compass-security.com
hunters
triage
chf
bounties
payout
Email, Email on the Wall, Who Sent You, After All?
Franky opens her email in the morning and sees the following email in her inbox:...
2024-10-29 16:1:33 | Views: 9
Over Security - Cybersecurity news aggregator - blog.compass-security.com
aol
yahoo
spf
dkim
msa
Voice Cloning with Deep Learning Models
Given the explosion of development and interest in deep learning models in the past...
2024-10-18 15:1:30 | Views: 6
Over Security - Cybersecurity news aggregator - blog.compass-security.com
wav
duration
clips
cloning
tortoise
COM Cross-Session Activation
Once again, reading blogs and tweets from James Forshaw led me to wonder how things work. T...
2024-10-1 15:2:28 | Views: 10
Over Security - Cybersecurity news aggregator - blog.compass-security.com
software
activation
updater
forshaw
Email, Email on the Wall, Who Sent You, After All?
During Business Email Compromise (BEC) engagements we often have to analyze the provenance o...
2024-9-24 17:47:11 | Views: 8
Over Security - Cybersecurity news aggregator - blog.compass-security.com
aol
yahoo
spf
dkim
dmarc
Three-Headed Potato Dog
Earlier this year, several security researchers published research about using DCOM to coer...
2024-9-17 21:32:16 | Views: 10
Over Security - Cybersecurity news aggregator - blog.compass-security.com
potato
dcom
machine
clsid
From Classroom into Bug Bounty: Investigating Motivational Factors Among Swiss Students
Bug bounty programs have evolved into a critical element of modern cybersecurity, allowing...
2024-9-6 14:2:10 | Views: 20
Over Security - Cybersecurity news aggregator - blog.compass-security.com
rewards
hunters
attract
A Patchdiffing Journey – TP-Link Omada
Introduction: Last year we participated in the Pwn2Own 2023 Toronto competition and succe...
2024-8-20 15:2:10 | Views: 15
Over Security - Cybersecurity news aggregator - blog.compass-security.com
dhcp6c
v61
dhcp6
payload
dhcpv6
SAML Raider Release 2.0.0
SAML Raider [0] is a Burp Suite [1] extension and the tool of choice for many pentesters fo...
2024-7-2 15:1:58 | Views: 12
Over Security - Cybersecurity news aggregator - blog.compass-security.com
gradle
github
burp
montoya
raider
Introducing Conkeyscan – Confluence Keyword Scanner
TL;DR Release of Conkeyscan – A Confluence Keyword/Secret Scanner, which is tailored towar...
2024-6-18 15:2:4 | Views: 9
Over Security - Cybersecurity news aggregator - blog.compass-security.com
conkeyscan
atlassian
cql
696
username
Blockchain / Smart Contract Bugs
Introduction: A blockchain is a distributed append-only database (aka ledger) that remove...
2024-6-4 15:1:21 | Views: 13
Over Security - Cybersecurity news aggregator - blog.compass-security.com
blockchain
reentrancy
attacker
How to become a Hacker
Introduction: Last year, I attended a job fair organized by the Association of Comput...
2024-5-21 15:2:1 | Views: 19
Over Security - Cybersecurity news aggregator - blog.compass-security.com
network
security
degree
solving
Bug Bounty: Insights from Our First-hand Experience
2024-5-7 15:2:0 | Views: 14
Over Security - Cybersecurity news aggregator - blog.compass-security.com
New Burp Extension: JWT-scanner
Authentication and authorization are critical components of any application. Various standa...
2024-4-23 15:2:1 | Views: 21
Over Security - Cybersecurity news aggregator - blog.compass-security.com
jwts
security
burp
jwk