Rapid Compromise Triage: First 10 Minutes on Linux and Windows
A practical workflow for the first 10 minutes after a suspected breach — commands with explanations for Linux and Windows triage, red flags, and when to escalate.
Security Research & Analysis
Offensive thinking.
Offensive thinking.
Defensive expertise.
In-depth red team research, blue team strategy — and privacy-first security tools that run entirely in your browser. No accounts. No telemetry. No data leaves your machine.
Featured
Latest research
Archive
Recent posts
Xanthorox AI: When the Attacker's AI Goes Dark
Xanthorox is an offline, modular AI attack platform with five specialized models — and it needs no cloud, no API, and leaves no traditional IoCs. Here's what defenders need to know.
AI Agent Traps: Six Ways Attackers Manipulate Autonomous AI — With Real Examples
Google DeepMind published the first systematic taxonomy of AI agent manipulation techniques. Here's what each attack looks like in practice — and why most AI deployments are already vulnerable.
Browser-in-the-Browser: The Phishing Attack That Fakes the Browser Itself
Browser-in-the-Browser (BitB) attacks forge convincing browser popup windows using pure HTML and CSS — making phishing pages nearly impossible to spot by eye. Here's how it works and how to defend against it.
SSRF Explained: How Attackers Make Servers Fetch Secrets for Them
Server-Side Request Forgery (SSRF) lets attackers trick a server into making requests on their behalf — reaching internal systems, cloud credentials, and more.
XSS Explained: How Attackers Inject Code Into Your Browser
Cross-Site Scripting (XSS) lets attackers inject malicious JavaScript into web pages viewed by other users — stealing sessions, redirecting victims, and taking over accounts.
Active Directory Attacks: The Complete Attack Path Guide
A structured guide to Active Directory attack techniques — from BloodHound enumeration through Kerberoasting, LSASS dumping, ADCS abuse, and Shadow Credentials to Entra ID pivot. Every technique with detection coverage.