AWS IAM Privilege Escalation to Data Exfil: The Full Attack Chain
How attackers escalate from a low-privilege AWS IAM credential to full S3 data theft — and the CloudTrail events, GuardDuty findings, and Sigma rules that expose them.
Security Research & Analysis
Offensive thinking.
Offensive thinking.
Defensive expertise.
In-depth red team research, blue team strategy — and privacy-first security tools that run entirely in your browser. No accounts. No telemetry. No data leaves your machine.
Featured
Latest research
Archive
Recent posts
macOS Offensive Security: How Attackers Exploit Apple's Unique Attack Surface
TCC bypass, Keychain theft, Launch Agent persistence, dylib hijacking — how attackers target macOS and how defenders detect them. Attack→Detect with real commands.
Memory Forensics with Volatility 3: What Attackers Leave Behind
How attackers hide in RAM using fileless malware and process injection — and how defenders use Volatility 3 to find them. Practical DFIR workflow with real commands.
Linux Lateral Movement: Attack Techniques and How to Detect Them
A complete guide to Linux lateral movement — SSH pivoting, ssh-agent hijacking, credential harvesting, port forwarding, and NFS abuse. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
Violence-as-a-Service: How Organized Crime Borrowed the Cybercrime Playbook
Europol's OTF GRIMM has made 280 arrests in one year targeting criminal networks that outsource violence like a SaaS product. The model mirrors ransomware-as-a-service — and it's recruiting teenagers through Discord and encrypted apps.
MITRE ATT&CK v19: Defense Evasion Is Dead — Meet Stealth and Impair Defenses
ATT&CK v19 drops April 28 and splits Defense Evasion into two tactics. Here's what changes, why it matters for detection engineering, and what you need to do before the weekend.
State-Sponsored Threat Actors 2026: Who They Are and What They Do
A threat intelligence deep-dive into the world's most dangerous state-sponsored APT groups — their identities, motivations, campaigns, and tradecraft in 2026.