Cyrill

20 days ago

Very nicely done! Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security were able to exploit Anthropic Claude Code! They're off to the disclosure room to explain how they did it. #Pwn2Own #P2OBerlin

2

20

3

4K

bcyrill retweeted

21 days ago

Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security exploited Cursor in the second round, earning $15,000 and 3 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

thezdi's tweet photo. Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security exploited Cursor in the second round, earning $15,000 and 3 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin https://t.co/iAM7YJELvz

0

39

3

0

4K

bcyrill retweeted

Husband and father, boardgame player, amateur photographer... and red teamer for a living. ⚠️This is a personal account and isn't related to my employer⚠️

21 days ago

Boom! Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security was able to exploit Cursor! They're off to the disclosure room to explain how they did it. #Pwn2Own #P2OBerlin

0

14

3

1

4K

Who to follow

Nicolas

@NicolasHeiniger

bcyrill retweeted

22 days ago

It's official! Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller of Compass Security (@compasssecurity) used a single CWE-150 bug to exploit OpenAI Codex, earning $40,000 and 4 Master of Pwn points. #Pwn2Own #P2OBerlin

0

30

3

0

4K

bcyrill retweeted

22 days ago

Big W!! 💪 Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller (@compasssecurity) of Compass Security were able to exploit OpenAI Codex! Off to the disclosure room to spill the tea. #Pwn2Own #P2OBerlin

0

15

4

1

3K

bcyrill retweeted

23 days ago

Compass vulnerability research identified code execution paths affecting AI coding assistants including @claudeai , @cursor_ai and @OpenAI #Codex. The findings will be demonstrated live at @thezdi Initiative #Pwn2Own Berlin 2026, May 14 to 16. #AIsecurity #LLM

compasssecurity's tweet photo. Compass vulnerability research identified code execution paths affecting AI coding assistants including @claudeai , @cursor_ai and @OpenAI #Codex. The findings will be demonstrated live at @thezdi Initiative #Pwn2Own Berlin 2026, May 14 to 16. #AIsecurity #LLM https://t.co/pZT5cbXxz7

0

11

4

1

926

bcyrill retweeted

25 days ago

🦖 Meet RAPTR: our new open source platform for red and purple team collaboration. Plan engagements, document attacks and detections, evaluate results, and generate reports, all API-driven. Beta is live, feedback welcome! #PurpleTeam https://t.co/GyXw40nN2p

compasssecurity's tweet photo. 🦖 Meet RAPTR: our new open source platform for red and purple team collaboration. Plan engagements, document attacks and detections, evaluate results, and generate reports, all API-driven. Beta is live, feedback welcome! #PurpleTeam

https://t.co/GyXw40nN2p https://t.co/XEndsvVbUV

0

10

4

6

843

bcyrill retweeted

3 months ago

EntraFalcon update 🚀 The new Security Findings Report turns Entra ID enumeration into actionable findings with 60+ checks and color charts. Read the blog post of Chrigi @ZH938472 and try the tool now on your tenant! https://t.co/07gzDox92b #EntraID #CloudSecurity #EntraFalcon

compasssecurity's tweet photo. EntraFalcon update 🚀 The new Security Findings Report turns Entra ID enumeration into actionable findings with 60+ checks and color charts. Read the blog post of Chrigi @ZH938472 and try the tool now on your tenant! https://t.co/07gzDox92b
#EntraID #CloudSecurity #EntraFalcon https://t.co/u7WPNXx1nv

0

52

11

56

3K

bcyrill retweeted

5 months ago

2-for-2! 🏆 Huge shoutout to @yves_bieri and Lukasz for clean exploits on the Alpine iLX-F511 and Grizzl-E Smart 40A systems with the Charging Connector Protocol/Signal Manipulation add-on. Couldn’t be prouder of the team for executing perfectly today. Congrats! #Pwn2Own

0

12

1

0

2K

bcyrill retweeted

5 months ago

We have a collision! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) earned $25,000 USD and 4 Master of Pwn points with the Charging Connector Protocol/Signal Manipulation add‑on against the Grizzl‑E Smart 40A, chaining an authentication bypass (CWE‑306) to remote code execution via CWE‑494. #Pwn2Own #P2OAuto

thezdi's tweet photo. We have a collision! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) earned $25,000 USD and 4 Master of Pwn points with the Charging Connector Protocol/Signal Manipulation add‑on against the Grizzl‑E Smart 40A, chaining an authentication bypass (CWE‑306) to remote code execution via CWE‑494. #Pwn2Own #P2OAuto

0

16

6

2

3K

bcyrill retweeted

5 months ago

Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

thezdi's tweet photo. Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto https://t.co/S35uhIzlAO

0

17

5

1

3K

bcyrill retweeted

James Kettle

@albinowax

11 months ago

We've just released a massive update to Collaborator Everywhere! This is a complete rewrite by @compasssecurity which adds loads of features including in-tool payload customization. Massive thanks to Compass for this epic project takeover. Check out the new features:

albinowax's tweet photo. We've just released a massive update to Collaborator Everywhere! This is a complete rewrite by @compasssecurity which adds loads of features including in-tool payload customization. Massive thanks to Compass for this epic project takeover. Check out the new features: https://t.co/yQXoaxKLLN

0

111

12

20

8K

bcyrill retweeted

11 months ago

Exploiting the @Ubiquiti AI Bullet camera for #Pwn2Own made us sweat more than once. But persistence paid off. Our detailed blog post is now live: https://t.co/c7E76hGTbh #penetrationtest #pentest #iot #embedded #firmware https://t.co/NzMFRKdWhC

compasssecurity's tweet photo. Exploiting the @Ubiquiti AI Bullet camera for #Pwn2Own made us sweat more than once.
But persistence paid off. Our detailed blog post is now live: https://t.co/c7E76hGTbh

#penetrationtest #pentest #iot #embedded #firmware
https://t.co/NzMFRKdWhC https://t.co/1Csw8BbP4t

0

22

5

10

2K

bcyrill retweeted

over 1 year ago

Compass Security (@compasssecurity) ran into a collision in their attempt against the Ubiquiti AI bullet. Their exploit still wins them $3,750 and 1.5 Master of Pwn points. #Pwn2Own #P2OIreland

0

16

2

0

3K

bcyrill retweeted

over 1 year ago

Sweet! Compass Security (@compasssecurity) successfully exploited the Ubiquiti AI Bullet camera. They're off to the disclosure room to explain what happened. #Pwn2Own #P2OIreland

1

15

4

1

6K

bcyrill retweeted

about 2 years ago

All five parts of our journey to Pwn2Own Toronto 2023 are now live on our blog post. Follow this exciting hardware hacking project all the way to the final exploit:

1

29

13

3

5K

bcyrill retweeted

about 2 years ago

Five Compass Security analysts took on a new challenge at Pwn2Own Toronto last year. The goal? Unauthenticated remote code execution. Follow their journey on our blog this whole week! 🚀 #Pwn2Own #CyberSecurity https://t.co/dPilHEWs0z

compasssecurity's tweet photo. Five Compass Security analysts took on a new challenge at Pwn2Own Toronto last year. The goal? Unauthenticated remote code execution. Follow their journey on our blog this whole week! 🚀 #Pwn2Own #CyberSecurity
https://t.co/dPilHEWs0z https://t.co/oBu2j9S7Iz

2

77

30

22

12K

bcyrill retweeted

Pascal Gujer 

@pascal_gujer

about 2 years ago

🔒💻 Got a secret for you… Want to master beating BitLocker’s dTPM security? Dive into our 2-day @BlackHatEvents training to unlock the skills for bypassing TPM with a logic analyzer, much like the technique by @ghidraninja that have the cybersecurity world buzzing. From micro soldering to bus sniffing attacks on any notebook with a dTPM, we cover it all. Plus, you’ll take home a $600 hardware kit to continue your hacking exploits. Ready for real hardware hacking? This is your chance. #HardwareHacking #BHUSA24 Early-Bird is running now! https://t.co/yqd4jUpWzb

pascal_gujer's tweet photo. 🔒💻 Got a secret for you… Want to master beating BitLocker’s dTPM security?
Dive into our 2-day @BlackHatEvents training to unlock the skills for bypassing TPM with a logic analyzer, much like the technique by @ghidraninja that have the cybersecurity world buzzing. From micro soldering to bus sniffing attacks on any notebook with a dTPM, we cover it all. Plus, you’ll take home a $600 hardware kit to continue your hacking exploits. Ready for real hardware hacking? This is your chance. #HardwareHacking
#BHUSA24 Early-Bird is running now!

https://t.co/yqd4jUpWzb

1

26

12

5

3K

bcyrill retweeted