Supply Chain Security: Trust Is the New Attack Surface
In February 2026, while participating in a panel at IT Expo, one statement kept resonating throughout the discussion: most breaches today don’t start at the perimeter, they do start with abused trust. For years, we invested heavily in defending the edge using mechanisms like firewalls, ...
Continue Reading
SaaS Sprawl, Identity, and the Illusion of Control
While participating in the SaaS Sprawl and Shared Responsibility: Regaining Control and Assuring ...
Continue Reading
Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
Continue Reading
AI Agents: Clippy With Root Access
There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. ...
Continue Reading
Evaluating AI Language Tutors Through a Security Lens
Evaluating AI Language Tutors Through a Security Lens Over the past year or so, I have seen a ...
Continue Reading
Rolling for Resilience Part 3: Battle Prep - The Scrolls of Response
This is the third post in this series addressing my perspective on the current state of ...
Continue Reading
Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
This is the second post in this series. Part I can be found here.
Continue Reading
Extract Secrets from Multiple Configuration Files Using Vim
You're SSH'd into a compromised Linux server during a penetration test. You've found the ...
Continue Reading
Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
An Introduction to Active Directory Certificate Services (AD CS) I am still pretty new to ...
Continue Reading
No Broadcast Traffic? No Problem! - NetExec SMB Slinky Module
As pentesters, tools such as Responder and Ntlmrelayx are great tools for capturing hashes or ...
Continue Reading
Annual Pentests Aren't Cutting It Anymore: Why Continuous Testing Beats Scrambling at Renewal Time
Let's be honest about something: if you're still relying on that once-a-year penetration test to ...
Continue Reading
Quantum Leaping Through Data: Preparing for the Quantum Encryption Transition
best practices |
compliance |
risk assessment |
NIST |
CISA
Quantum computing and its implications for cryptography isn't a new discussion. Security ...
Continue Reading