Xanthorox AI: When the Attacker's AI Goes Dark
Xanthorox is an offline, modular AI attack platform with five specialized models — and it needs no cloud, no API, and leaves no traditional IoCs. Here's what defenders need to know.
Security Research & Analysis
Offensive thinking.
Offensive thinking.
Defensive expertise.
In-depth research on red team techniques, threat analysis, and blue team strategy. No fluff — only what matters.
Featured
Latest research
Archive
Recent posts
AI Agent Traps: Six Ways Attackers Manipulate Autonomous AI — With Real Examples
Google DeepMind published the first systematic taxonomy of AI agent manipulation techniques. Here's what each attack looks like in practice — and why most AI deployments are already vulnerable.
Browser-in-the-Browser: The Phishing Attack That Fakes the Browser Itself
Browser-in-the-Browser (BitB) attacks forge convincing browser popup windows using pure HTML and CSS — making phishing pages nearly impossible to spot by eye. Here's how it works and how to defend against it.
SSRF Explained: How Attackers Make Servers Fetch Secrets for Them
Server-Side Request Forgery (SSRF) lets attackers trick a server into making requests on their behalf — reaching internal systems, cloud credentials, and more.
XSS Explained: How Attackers Inject Code Into Your Browser
Cross-Site Scripting (XSS) lets attackers inject malicious JavaScript into web pages viewed by other users — stealing sessions, redirecting victims, and taking over accounts.
Active Directory Attacks: The Complete Attack Path Guide
A structured guide to Active Directory attack techniques — from BloodHound enumeration through Kerberoasting, LSASS dumping, ADCS abuse, and Shadow Credentials to Entra ID pivot. Every technique with detection coverage.
API Security in 2026: JWT Attacks, OAuth Abuse, and GraphQL Exploitation
APIs are the most exploited attack surface in 2026. Learn how attackers abuse JWT tokens, OAuth flows, and GraphQL endpoints — and how to stop them.