Compass Security Blog - Offensive Defense

NTLM Relaying to HTTPS

NTLM is the legacy authentication protocol in Windows environment. In the past few years, I've had the opportunity to write on this blog about NTLM…

Read more

bRPC-Web: A Burp Suite Extension for gRPC-Web

The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when…

Read more

LockBit Breach: Insights From a Ransomware Group’s Internal Data

Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid…

Read more

Ensuring NIS2 Compliance: The Importance of Penetration Testing

The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across…

Read more

Collaborator Everywhere v2

Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks. 

 

We developed an upgrade to…

Read more