The Package You Trusted: How the Axios Supply Chain Attack Happened
On March 31, 2026, a trusted npm package with 400 million monthly downloads was backdoored for three hours. Here's how it worked and why it keeps happening.
In-depth research on red team techniques, threat analysis, and blue team strategy. No fluff — only what matters.
AI agents are trusted to act on your behalf — but that trust is exactly what attackers exploit. Here's how AI agents get turned against you, and why you won't see it coming.
A realistic guide to cybersecurity career paths in 2026 — from SOC analyst to GRC, threat intel, AppSec, cloud security, and DFIR. What each role actually does every day.
A hands-on red team guide to BloodHound CE — from SharpHound data collection to reading attack paths and finding the fastest route to Domain Admin in Active Directory.
Windows .lnk shortcut files can show one target while silently executing another. Discover five spoofing techniques including CVE-2025-9491, how attackers exploit them, and how to detect them.
NTFS Alternate Data Streams let attackers hide executables inside innocent-looking files. Learn how ADS works, how malware uses it, and how to detect it with PowerShell, Sysinternals, and Sysmon.
Shadow Credentials abuse msDS-KeyCredentialLink via DACL misconfiguration to add a rogue certificate, authenticate via PKINIT, and extract NT hashes — no password required.