Why Enterprise VPN and Gateway Products Are Perpetually Broken
Ivanti, Fortinet, Palo Alto — the names change but the pattern doesn't. Here's the structural reason why enterprise edge devices are permanently on fire and what you can do about it.
Red Team
17 articles
ADCS Abuse with Certipy: From Low-Priv User to Domain Admin via Certificate Services
Active Directory Certificate Services is installed in most enterprise networks — and almost always misconfigured. Here's how attackers exploit ESC1 through ESC8 with Certipy, and how to detect and stop them.
LOLBins in 2026: How Attackers Use Windows Against Itself
79% of attacks in 2024 used no malware at all. Attackers abuse Windows' own built-in tools — certutil, mshta, rundll32 — to execute code and evade detection. Here's the full attack playbook and how to detect it.
Entra ID Attacks in Practice: Device Code Phishing, PRT Theft, and Conditional Access Bypass
MFA is no longer enough to protect Microsoft Entra ID accounts. Attackers steal tokens, register their own devices, and bypass Conditional Access — without ever touching a password. Here's the full attack chain and how to detect it.
Salt Typhoon: How China Hacked the World's Largest Telecoms — And How It Could Have Been Detected
Salt Typhoon is the worst telecom breach in history. The Chinese APT stayed hidden for years inside AT&T, Verizon and T-Mobile. Here's the full attack chain, the tools they used, and the detection opportunities blue teams missed.
Invisible Characters as an Attack Vector
Unicode's invisible characters are being weaponized — hiding malicious code in repositories, hijacking AI agents, and bypassing security reviews without leaving a trace visible to human eyes.
CrackArmor: Nine AppArmor Flaws That Let Attackers Own the Kernel
Qualys TRU disclosed nine confused deputy vulnerabilities in Linux AppArmor — exposing 12.6 million servers to root escalation, KASLR bypass, and container isolation collapse. Technical deep dive and detection guide.
Zombie ZIP: How a Malformed Archive Header Blinds 98% of Antivirus Engines
CVE-2026-0866 — a single two-byte header manipulation causes 50 of 51 AV engines to scan compressed noise instead of the actual payload. Technical breakdown, attack scenarios, and detection.
Kerberoasting: A Deep Dive into Service Account Attacks
A comprehensive analysis of Kerberoasting — how it works at the protocol level, detection opportunities, and hardening strategies for Active Directory environments.
Starkiller: Inside Empire's C2 GUI — Red Team Playbook and Blue Team Detection
A technical deep dive into Starkiller and PowerShell Empire — how red teams deploy and operate it, and exactly how defenders can detect and disrupt it.
AD Attack Chains: From Initial Access to Domain Admin — And How to Detect Every Step
A complete purple team walkthrough of Active Directory attack chains — from initial foothold through Kerberoasting, DCSync, and Golden Tickets to full domain compromise, with detection rules for every technique.
LSASS Dumping: Techniques, Evasion, and Detection
A survey of LSASS credential dumping methods from MiniDump to direct syscalls, with detection logic for each technique.
Purple Teaming on a Budget: Free Tools and Frameworks That Actually Work
A practical guide to building a purple team program using only free, open-source tools. Covers Atomic Red Team, MITRE Caldera, Sigma rules, Wazuh, and VECTR with real setup examples.
The Digital Parasite: How Attacker Tradecraft Evolved in 2026
80% of top MITRE ATT&CK techniques now focus on evasion and persistence. Attackers abandoned smash-and-grab for long-term parasitic operations in networks.
Client-Side File Analysis with Directory Tool Pro
A Chrome extension for local file scanning and secrets detection. No cloud uploads, instant analysis, useful for security audits and pentesting workflows.
PSO - When Printers Become the Pentester's Blindspot
How we built an open-source pentesting tool that exposes the forgotten attack surface in corporate networks - printers.
Web Application Penetration Testing 2026: Beyond OWASP Top 10
Advanced web application security testing techniques covering modern frameworks, API exploitation, authentication bypass, and real-world attack scenarios for 2026