AI Agents: Clippy With Root Access
There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. They’re being sold as tireless assistants that can plan, decide, and execute tasks like your own personal assistant. But unlike traditional automation, these agents don’t just follow scripts. They ...
Continue Reading
Evaluating AI Language Tutors Through a Security Lens
Evaluating AI Language Tutors Through a Security Lens Over the past year or so, I have seen a ...
Continue Reading
Rolling for Resilience Part 3: Battle Prep - The Scrolls of Response
This is the third post in this series addressing my perspective on the current state of ...
Continue Reading
Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
This is the second post in this series. Part I can be found here.
Continue Reading
Extract Secrets from Multiple Configuration Files Using Vim
You're SSH'd into a compromised Linux server during a penetration test. You've found the ...
Continue Reading
Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
An Introduction to Active Directory Certificate Services (AD CS) I am still pretty new to ...
Continue Reading
No Broadcast Traffic? No Problem! - NetExec SMB Slinky Module
As pentesters, tools such as Responder and Ntlmrelayx are great tools for capturing hashes or ...
Continue Reading
Annual Pentests Aren't Cutting It Anymore: Why Continuous Testing Beats Scrambling at Renewal Time
Let's be honest about something: if you're still relying on that once-a-year penetration test to ...
Continue Reading
Quantum Leaping Through Data: Preparing for the Quantum Encryption Transition
best practices |
compliance |
risk assessment |
NIST |
CISA
Quantum computing and its implications for cryptography isn't a new discussion. Security ...
Continue Reading
Your Risk Framework Is Broken: The Al Reality Check Every CISO Needs
Every risk management framework in cybersecurity relies on the same fundamental equation: Risk = ...
Continue Reading
Rolling for Resilience Part 2: The Communication Gauntlet
This is the second post in this series addressing my perspective on the current state of ...
Continue Reading
-1.png)
Bypassing Browser PDF Security: Using Embedded JavaScript Forms for Social Engineering
I can say that, since I started my journey at Secure Ideas, I’ve felt extremely fortunate. Not only ...
Continue Reading