WinGet can be more than a package manager. We show how .winget configs + a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips.
blog.compass-security.com/2026/03/wing...
#RedTeam #Windows #LOLBins #InitialAccess
03.03.2026 16:15
Bitpixie presentation
Last week presented at a university alumni event, this week successfully used during a red teaming engagement.
14.11.2025 17:08
🧭 Navigation complete! The team from Compass Security just charted a course straight into @home_assistant Green at #Pwn2Own. They head off to the disclosure room to spill how they did it. #P2OIreland
21.10.2025 15:28
After some more tests and helpful community feedback I managed to successfully exploit the same testing device using the WinPE method. The blog post has been updated with a corresponding demonstration video.
21.07.2025 05:42
Now merged into Certipy 5.0.2
18.05.2025 19:00
Curious why I was rebooting random laptops?
Credit goes to Rairii for the original research and Thomas from @neodyme.io for the initial PoC.
13.05.2025 19:59
SOCON swag
Last week I had a fantastic experience at @specterops.bsky.social's #SOCON2025 and subsequent IDOT training. It was a great opportunity to get in touch with leading experts. Apparently I also bugged them enough to merge my small BloodHound contribution. github.com/SpecterOps/B...
11.04.2025 18:12
Avoid LDAP monitoring by leveraging local registry data with certipy parse! Check out our latest pull request and read Marc Tanner’s (@brain-dump.org) blog post: blog.compass-security.com/2025/02/stea...
11.02.2025 12:28