A Nifty Initial Access Payload

Red Teaming engagements are “realistic” attack simulations designed to test the security posture of an organization and its Blue Team. This term is…

Lire la suite

Harvesting GitLab Pipeline Secrets

TLDR: Scan GitLab job logs for credentials using https://github.com/CompassSecurity/pipeleak Many organizations use (self-hosted) GitLab instances to…

Lire la suite

A Look Back: Insights from Our Managed Bug Bounty Program

At Compass Security, we are proud to offer a fully managed bug bounty program tailored to the needs of both SMEs and larger enterprises. From scoping…

Lire la suite

Email, Email on the Wall, Who Sent You, After All?

During Business Email Comproise (BEC) engagements we often have to analyze the provenance of emails. According to the FBI's Internet Crime Report, BEC…

Lire la suite

Voice  Cloning with Deep Learning Models

Given the explosion of development and interest in deep learning models in the past year, we decided to research on the topic to increase our know-how…

Lire la suite