Compass Security

SSH is a widely used protocol that provides secure access to remote systems. It enables encrypted communication, file transfers, command execution and shell access for system administration. Visit https://sshlabs.compass-security.training to learn more about SSH security.

I’m happy to announce that we are releasing the beta version of RAPTR, a fully open source, API driven collaboration platform built specifically for red and purple team engagements.

On paper, the vast majority of crisis plans look reasonable, actionable and complete. Once the rubber hits the road, however, chaos emerges quickly.

This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer understanding of the underlying risks and practical implications. Conditional Access Policies Conditional Access policies are among the most important security controls in Entra ID.

This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer understanding of the underlying risks and practical implications. What Is Privileged Identity Management? Privileged Identity Management (PIM) is a service in Microsoft Entra ID

In part 2 of our 4-part series on common Entra ID security findings, we show how seemingly harmless group configurations can be abused to bypass security controls and gain high privileges. The post shows scenarios where insufficiently protected groups are used to: weaken Conditional Access protections for administrators enable privilege escalation through PIM for Groups grant privileged access to Azure resources, leading to full compromise We also show how to detect these issues in practice using EntraFalcon and how to mitigate them.

This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to support a clearer understanding of the underlying risks and practical implications. Introduction In the vast majority of tenants we review, there are enterprise applications that originate from

We just released a big update for EntraFalcon. The new Security Findings Report adds an interactive HTML overview to EntraFalcon that consolidates tenant settings and object-based checks into structured security findings. Over 60 checks, graphical charts, filtering, export, and more options are now available.

While not new, a self-referencing LNK file in combination with winget configuration instructions can be a viable initial access payload for environments where the Microsoft Store is not disabled.

Last year we wrote about a Windows 11 vulnerability that allowed a regular user to gain administrative privileges. Not long after, Manuel Kiesel from Cyllective AG reached out to us after stumbling across a seemingly similar issue while investigating the Lenovo Vantage application. It turns out that the exploit primitive for arbitrary file deletion to gain SYSTEM privileges no longer works on current Windows machines.