Penetration Testing, Red Teaming, Incident Response, Bug Bounty, Security Training, Cyber Range

Joined October 2009
At @a41con next week?👋 Come to our booth to see EntraFalcon in action: our open-source tool for assessing Microsoft Entra ID security posture. Privileged objects, risky assignments, conditional access misconfigs: find what's hiding in your tenant.
AI agents in your Entra ID tenant? They come with new identities, permissions, fresh attack paths. Chrigi @ZH938472 breaks down Entra Agent ID security, their capabilities, control paths, abuse scenarios, and how to review your exposure with EntraFalcon. blog.compass-security.com/20…
The monkey is still curious 🐒 Teleboy has topped up its bug bounty program with another CHF 10'000 in rewards. Explore a platform serving 400'000 users across TV, internet, and telephony. Ready for another hunt? #bugbounty #ethicalhacking #cybersecurity bugbounty.compass-security.c…
SSH everywhere, misconfigurations somewhere. Our new SSH Labs let you get your hands dirty: slides, video, and a Docker-based lab. Created by our Security Analyst @emanuelduss, learn how SSH breaks and how to fix it: blog.compass-security.com/20… #SSH #InfoSec #Security
Compass Security retweeted
AREA41 testing in full swing - excited for the conference 😎
Thank you, @a41con! Excited to be on board as a Platinum Sponsor. Looking forward to connecting with the community on-site!
✨ We’re excited to welcome @compasssecurity as a Platinum Sponsor for the AREA41 security conference 2026 🛸 👽 Thank you for supporting the infosec community‼️ ➡️ Check them out at: compass-security.com 📅 June 18-19. 2026, Zürich - area41.io
Compass vulnerability research identified code execution paths affecting AI coding assistants including @claudeai, @cursor_ai and @OpenAI #Codex. The findings will be demonstrated live at @thezdi Initiative #Pwn2Own Berlin 2026, May 14 to 16. #AIsecurity #LLM
🦖 Meet RAPTR: our new open source platform for red and purple team collaboration. Plan engagements, document attacks and detections, evaluate results, and generate reports, all API-driven. Beta is live, feedback welcome! #PurpleTeam blog.compass-security.com/20…
Tabletop exercises show how incident response processes fall apart under pressure, far beyond what any plan suggests. Here we share key lessons from real TTX sessions: failures in communication, decision-making, structure, and human factors. blog.compass-security.com/20…
The final part of our Entra ID blog series looks at common Conditional Access weaknesses, practical attack scenarios, and how to identify such issues with EntraFalcon. blog.compass-security.com/20…
Your CI/CD pipeline might be your weakest link. @marcandretanner shows how exposed secrets, misconfigured runners and cross-cloud trust relationships can be abused to pivot from GitLab into AD and Entra ID. Don't miss it 👉April 14, 1:15 pm at @SpecterOps' #SOCON2026
GitLab is a prime DevOps target for attackers—IP, supply chain risk, & access to connected systems. 🎯 At #SOCON2026, @marcandretanner shows how an OpenGraph GitLab collector uncovers hybrid attack paths across CI/CD, service accounts, AD & Entra ID. ➡️ ghst.ly/socon26-tw
Part 3 of our Entra ID blog series looks at common weak PIM configurations, practical abuse scenarios, and how to identify them with EntraFalcon: blog.compass-security.com/20…
🏃‍♂️Time for a security workout. Sanitas is launching its #bugbounty program and inviting ethical hackers to help keep its digital healthcare services in peak condition. Hunt vulnerabilities and help protect critical healthcare systems: bugbounty.compass-security.c…
Unprotected groups in Entra ID can lead to privilege escalation. Part 2 of our 4-part series shows how weakly protected groups can be abused to bypass controls, gain privileged access, and lead to full compromise—and how to detect this with EntraFalcon: blog.compass-security.com/20…
Foreign enterprise apps can expose your Entra ID tenant. Today, we release part 1 of our 4-part weekly series on common Entra ID pitfalls and how to detect them with EntraFalcon. Learn how external apps can lead to data access or worse: blog.compass-security.com/20…
EntraFalcon update 🚀 The new Security Findings Report turns Entra ID enumeration into actionable findings with 60 checks and color charts. Read the blog post of Chrigi @ZH938472 and try the tool now on your tenant! blog.compass-security.com/20… #EntraID #CloudSecurity #EntraFalcon
WinGet can be more than a package manager. We show how .winget configs and a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips. blog.compass-security.com/20… #RedTeam #Windows #LOLBins #InitialAccess
John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC. blog.compass-security.com/20… #Windows #CVE #SecurityResearch #PrivEsc