Cyber Security Practice Lab

Joined September 2012
The Hacking Lab retweeted
AI agents in your Entra ID tenant? They come with new identities, permissions, fresh attack paths. Chrigi @ZH938472 breaks down Entra Agent ID security, their capabilities, control paths, abuse scenarios, and how to review your exposure with EntraFalcon. blog.compass-security.com/20…
The Hacking Lab retweeted
The monkey is still curious 🐒 Teleboy has topped up its bug bounty program with another CHF 10'000 in rewards. Explore a platform serving 400'000 users across TV, internet, and telephony. Ready for another hunt? #bugbounty #ethicalhacking #cybersecurity bugbounty.compass-security.c…
The Hacking Lab retweeted
🦖 Meet RAPTR: our new open source platform for red and purple team collaboration. Plan engagements, document attacks and detections, evaluate results, and generate reports, all API-driven. Beta is live, feedback welcome! #PurpleTeam blog.compass-security.com/20…
The Hacking Lab retweeted
The final part of our Entra ID blog series looks at common Conditional Access weaknesses, practical attack scenarios, and how to identify such issues with EntraFalcon. blog.compass-security.com/20…
The Hacking Lab retweeted
🏃‍♂️Time for a security workout. Sanitas is launching its #bugbounty program and inviting ethical hackers to help keep its digital healthcare services in peak condition. Hunt vulnerabilities and help protect critical healthcare systems: bugbounty.compass-security.c…
The Hacking Lab retweeted
Foreign enterprise apps can expose your Entra ID tenant. Today, we release part 1 of our 4-part weekly series on common Entra ID pitfalls and how to detect them with EntraFalcon. Learn how external apps can lead to data access or worse: blog.compass-security.com/20…
The Hacking Lab retweeted
Unprotected groups in Entra ID can lead to privilege escalation. Part 2 of our 4-part series shows how weakly protected groups can be abused to bypass controls, gain privileged access, and lead to full compromise—and how to detect this with EntraFalcon: blog.compass-security.com/20…
The Hacking Lab retweeted
EntraFalcon update 🚀 The new Security Findings Report turns Entra ID enumeration into actionable findings with 60 checks and color charts. Read the blog post of Chrigi @ZH938472 and try the tool now on your tenant! blog.compass-security.com/20… #EntraID #CloudSecurity #EntraFalcon
The Hacking Lab retweeted
WinGet can be more than a package manager. We show how .winget configs + a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips. blog.compass-security.com/20… #RedTeam #Windows #LOLBins #InitialAccess
The Hacking Lab retweeted
John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC. blog.compass-security.com/20… #Windows #CVE #SecurityResearch #PrivEsc
The Hacking Lab retweeted
In a new video, Nicolò Fornari walks through how to fuzz with AFL++, how to pick targets, avoid common pitfalls, and boost effectiveness. Find performance tips, fuzzing theory, and AFL internals. youtu.be/L5Tin7m5sbE?si=D0IL… #security #fuzzing #AFLplusplus #appsec
The Hacking Lab retweeted
NTLM relay works against HTTPS if channel binding is missing. Our new blog post explains why, shows how tooling evolved, and highlights defensive measures. blog.compass-security.com/20…
The Hacking Lab retweeted
Learn about a FortiProxy Domain Fronting Protection bypass discovered by our analyst @emanuelduss. Details in the advisory: compass-security.com/en/news… Curious how web filters are evaded? Read his blog series: blog.compass-security.com/20… #cve #pentest #bypass
The Hacking Lab retweeted
The leaked LockBit chats give a rare inside look at ransomware ops. Read our blog for an analysis and lessons for defenders: blog.compass-security.com/20… #CyberSecurity #Ransomware #LockBit
The Hacking Lab retweeted
NIS2 means stricter rules and steep fines. Penetration testing is key to proving compliance & improving security, uncovering flaws before attackers do. Our latest blog explains why you need it now: blog.compass-security.com/20… #CyberSecurity #NIS2 #Pentesting
The Hacking Lab retweeted
The final episode of our Kerberos deep dive is live! RBCD opens new attack paths in Kerberos. Learn how misconfigs enable privilege escalation and how to defend. youtu.be/l97RDnzdrXY?feature… #Kerberos #ActiveDirectory
The Hacking Lab retweeted
Episode 5 of our Kerberos deep dive is live. Constrained delegation isn’t bulletproof. See how attackers exploit it, and how to defend with monitoring & best practices. youtu.be/rnhr02eKU0I?si=7cWC… #Kerberos #ActiveDirectory

The Hacking Lab retweeted
Episode 4 of our Kerberos deep dive is live. Unconstrained delegation can expose critical credentials. Learn how attackers abuse it. And how to lock down your systems. youtu.be/_6FYZRTJQ-s?feature… #Kerberos #ActiveDirectory
The Hacking Lab retweeted
Episode 3 of our Kerberos deep dive is live. AS-REP Roasting abuses accounts without pre-auth. Learn the risks, how attackers exploit it, and how to defend. youtu.be/56BjmyOTN5o?feature… #Kerberos #ActiveDirectory
The Hacking Lab retweeted
We use James Kettle’s (@albinowax) Burp extension Collaborator Everywhere daily. Now our upgrades are in v2: customizable payloads, storage, visibility. Perfect for OOB bugs like SSRF. Find out more here: blog.compass-security.com/20… #AppSec #BurpSuite #Pentesting