Compass Security Blog - Offensive Defense

Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration

This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores…

Lire la suite

Common Entra ID Security Assessment Findings – Part 2: Privileged Unprotected Groups

In part 2 of our 4-part series on common Entra ID security findings, we show how seemingly harmless group configurations can be abused to bypass…

Lire la suite

Common Entra ID Security Assessment Findings – Part 1: Foreign Enterprise Applications With Privileged API Permissions

This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores…

Lire la suite

From Enumeration to Findings: The Security Findings Report in EntraFalcon

We just released a big update for EntraFalcon. The new Security Findings Report adds an interactive HTML overview to EntraFalcon that consolidates…

Lire la suite

WinGet Desired State: Initial Access Established

While not new, a self-referencing LNK file in combination with winget configuration instructions can be a viable initial access payload for…

Lire la suite