16 articles
Active Directory Certificate Services is installed in most enterprise networks — and almost always misconfigured. Here's how attackers exploit ESC1 through ESC8 with Certipy, and how to detect and stop them.
79% of attacks in 2024 used no malware at all. Attackers abuse Windows' own built-in tools — certutil, mshta, rundll32 — to execute code and evade detection. Here's the full attack playbook and how to detect it.
MFA is no longer enough to protect Microsoft Entra ID accounts. Attackers steal tokens, register their own devices, and bypass Conditional Access — without ever touching a password. Here's the full attack chain and how to detect it.
Salt Typhoon is the worst telecom breach in history. The Chinese APT stayed hidden for years inside AT&T, Verizon and T-Mobile. Here's the full attack chain, the tools they used, and the detection opportunities blue teams missed.
Unicode's invisible characters are being weaponized — hiding malicious code in repositories, hijacking AI agents, and bypassing security reviews without leaving a trace visible to human eyes.
Qualys TRU disclosed nine confused deputy vulnerabilities in Linux AppArmor — exposing 12.6 million servers to root escalation, KASLR bypass, and container isolation collapse. Technical deep dive and detection guide.
CVE-2026-0866 — a single two-byte header manipulation causes 50 of 51 AV engines to scan compressed noise instead of the actual payload. Technical breakdown, attack scenarios, and detection.
A comprehensive analysis of Kerberoasting — how it works at the protocol level, detection opportunities, and hardening strategies for Active Directory environments.
A technical deep dive into Starkiller and PowerShell Empire — how red teams deploy and operate it, and exactly how defenders can detect and disrupt it.
A complete purple team walkthrough of Active Directory attack chains — from initial foothold through Kerberoasting, DCSync, and Golden Tickets to full domain compromise, with detection rules for every technique.
A survey of LSASS credential dumping methods from MiniDump to direct syscalls, with detection logic for each technique.
A practical guide to building a purple team program using only free, open-source tools. Covers Atomic Red Team, MITRE Caldera, Sigma rules, Wazuh, and VECTR with real setup examples.
80% of top MITRE ATT&CK techniques now focus on evasion and persistence. Attackers abandoned smash-and-grab for long-term parasitic operations in networks.
A Chrome extension for local file scanning and secrets detection. No cloud uploads, instant analysis, useful for security audits and pentesting workflows.
How we built an open-source pentesting tool that exposes the forgotten attack surface in corporate networks - printers.
Advanced web application security testing techniques covering modern frameworks, API exploitation, authentication bypass, and real-world attack scenarios for 2026