BYOVD: How Attackers Use Legitimate Drivers to Kill Your Security Tools
BYOVD (Bring Your Own Vulnerable Driver) lets attackers reach the Windows kernel using signed, legitimate drivers — and then silently kill your EDR before ransomware drops.
Security Research & Analysis
Offensive thinking.
Offensive thinking.
Defensive expertise.
In-depth research on red team techniques, threat analysis, and blue team strategy. No fluff — only what matters.
Featured
Latest research
Archive
Recent posts
Cookie-Controlled PHP Webshells: A Stealthy Tradecraft in Linux Hosting Environments
Microsoft's Defender team uncovered a clever attacker technique: PHP webshells that stay completely dormant until activated by a secret HTTP cookie. Here's how it works — and how to catch it.
We Built a Supply Chain Scanner — Here's What We Learned
Gate is an open-source Python CLI that catches what Trivy and Snyk miss: newly published packages, suspicious install scripts, and maintainer takeovers. Zero dependencies by design.
The Package You Trusted: How the Axios Supply Chain Attack Happened
On March 31, 2026, a trusted npm package with 400 million monthly downloads was backdoored for three hours. Here's how it worked and why it keeps happening.
When Trusted Agents Turn Rogue: The Rise of the Double Agent in Modern AI Systems
AI agents are trusted to act on your behalf — but that trust is exactly what attackers exploit. Here's how AI agents get turned against you, and why you won't see it coming.
Cybersecurity Careers: What the Job Actually Looks Like (Not the Movie Version)
A realistic guide to cybersecurity career paths in 2026 — from SOC analyst to GRC, threat intel, AppSec, cloud security, and DFIR. What each role actually does every day.
BloodHound from First Run to Domain Admin: A Practical Red Team Guide
A hands-on red team guide to BloodHound CE — from SharpHound data collection to reading attack paths and finding the fastest route to Domain Admin in Active Directory.