The EDR Dead Zone: How Attackers Pivot Through Cameras and NAS Devices
IoT devices like IP cameras and NAS boxes sit on your network but outside your EDR coverage. Here's how attackers exploit them to pivot — and how defenders can detect it.
In-depth red team research, blue team strategy — and privacy-first security tools that run entirely in your browser. No accounts. No telemetry. No data leaves your machine.
Anthropic built an AI that autonomously discovered a 27-year-old vulnerability in widely used code. It can build working exploits from scratch. It's too dangerous to release publicly. Here's what that means for your bank, your government, your code — and the future of digital security.
Microsoft is officially deprecating NTLM — yet CVE-2025-24054 was actively exploited days after patching, and the Coercion → Relay → ADCS → Domain Admin chain still works in most enterprise environments. Here's the full 2026 kill chain and how to detect it.
CVE-2025-32711 (EchoLeak) exfiltrated M365 data with zero user interaction. The Anthropic MCP server had three exploitable injection CVEs. OpenAI says AI browsers may never be fully fixed. Here's the full attack chain — and how to detect it.
DCSync abuses Active Directory replication to pull every password hash from a domain controller without touching it. Here's how the attack works, what it leaves in your logs, and how to build detections that catch it.
A practitioner's guide to PtH and PtT attacks: how they work, what tools attackers use, what evidence they leave behind, and how to build detections with Sigma and Wazuh.
Windows Defender and other high-privilege system processes are increasingly targeted by attackers. Learn how security tools become attack surfaces — and what you can do about it.