15 articles
A complete guide to Linux lateral movement — SSH pivoting, ssh-agent hijacking, credential harvesting, port forwarding, and NFS abuse. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
A complete guide to Linux privilege escalation — SUID abuse, sudo misconfig, cron hijacking, capabilities, and kernel exploits. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
Microsoft is officially deprecating NTLM — yet CVE-2025-24054 was actively exploited days after patching, and the Coercion → Relay → ADCS → Domain Admin chain still works in most enterprise environments. Here's the full 2026 kill chain and how to detect it.
SQL injection has existed since 1998 and still powers major breaches in 2026. A complete guide covering every attack type, real exploitation techniques, detection logic, and how to actually fix it.
CSRF (Cross-Site Request Forgery) forces authenticated users to unknowingly submit requests to a site they're logged into. Learn how it works, how to find it, and how to fix it.
IDOR (Insecure Direct Object Reference) is one of the most common and most impactful web vulnerabilities. Learn how it works, how to find it, and how to fix it.
A practical guide to mobile application penetration testing on Android and iOS — static analysis, dynamic analysis, traffic interception, and the most common vulnerabilities found in real engagements.
A practical guide to network penetration testing — host discovery, service enumeration, vulnerability exploitation, credential attacks, and pivoting through segmented networks.
A structured guide to Active Directory attack techniques — from BloodHound enumeration through Kerberoasting, LSASS dumping, ADCS abuse, and Shadow Credentials to Entra ID pivot. Every technique with detection coverage.
APIs are the most exploited attack surface in 2026. Learn how attackers abuse JWT tokens, OAuth flows, and GraphQL endpoints — and how to stop them.
How to systematically map an organization's attack surface using open-source intelligence — domains, infrastructure, employees, leaked credentials, and exposed secrets.
A step-by-step debrief of a real-world red team engagement — from passive OSINT through AiTM phishing, EDR evasion, and ADCS exploitation to full domain compromise. What worked, what didn't, and what would have stopped us.
A hands-on red team guide to BloodHound CE — from SharpHound data collection to reading attack paths and finding the fastest route to Domain Admin in Active Directory.
Active Directory Certificate Services is installed in most enterprise networks — and almost always misconfigured. Here's how attackers exploit ESC1 through ESC8 with Certipy, and how to detect and stop them.
Advanced web application security testing techniques covering modern frameworks, API exploitation, authentication bypass, and real-world attack scenarios for 2026