Your AI Assistant Has Tools. Audit Them Before They Audit You.
A practical home-user checklist for auditing MCP servers, AI assistant tools, local permissions, and supply-chain risk before a trusted setup turns into an exposed one.
In-depth red team research, blue team strategy — and privacy-first security tools that run entirely in your browser. No accounts. No telemetry. No data leaves your machine.
Europol does not usually kick down the door. It makes cybercrime investigations cross-border, evidence-rich, and harder for offenders to escape.
Attackers no longer need malware on every endpoint. With one valid identity, token, or integration, they can move through Microsoft 365, Google Workspace, Salesforce, Slack, GitHub, and other SaaS platforms like an internal network.
GreatXML is a public BitLocker-bypass PoC claim involving WinRE, Defender Offline Scan state, and unattend.xml. The defensive lesson is bigger than one repository: recovery environments are security boundaries.
RoguePlanet is the latest public Nightmare Eclipse proof-of-concept targeting Microsoft Defender. The code points to a race condition that turns Defender cleanup behavior into SYSTEM execution.
Anthropic's June 2026 N-day research shows how frontier models can turn public patches into working exploits in hours. Here's what defenders should change now.
Meta says NSO Group violated a federal court's permanent injunction within months of receiving it by running new social engineering attempts against WhatsApp users. Meta is now seeking contempt of court.