Hitchhiker’s Guide to Managed Security

Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our customers.

 

Particularly after…

Weiterlesen

A Nifty Initial Access Payload

Red Teaming engagements are “realistic” attack simulations designed to test the security posture of an organization and its Blue Team. This term is…

Weiterlesen

Harvesting GitLab Pipeline Secrets

TLDR: Scan GitLab job logs for credentials using https://github.com/CompassSecurity/pipeleak Many organizations use (self-hosted) GitLab instances to…

Weiterlesen

A Look Back: Insights from Our Managed Bug Bounty Program

At Compass Security, we are proud to offer a fully managed bug bounty program tailored to the needs of both SMEs and larger enterprises. From scoping…

Weiterlesen

Email, Email on the Wall, Who Sent You, After All?

During Business Email Comproise (BEC) engagements we often have to analyze the provenance of emails. According to the FBI's Internet Crime Report, BEC…

Weiterlesen