The AI Arms Race Just Went Public: What Project Glasswing Means for You
Anthropic's announcement this week isn't just a product launch. It's a public acknowledgment that the rules of cybersecurity have fundamentally changed — and the window to respond is narrow. On April 7th, Anthropic announced Project Glasswing, an initiative to give select organizations early access ...
Continue Reading
The Secret Handshake – Covertly Redirecting Mobile Traffic to a Different Backend
Burp Suite |
penetration testing |
application security |
best practices |
mobile application testing
Normally while performing iOS or Android mobile application penetration tests, we request a custom ...
Continue Reading
Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
In Part 2, ESC1 – No One, Yet Everyone, we examined a misconfiguration that allows a low-privileged ...
Continue Reading
Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
“ Power in Active Directory, much like power in Westeros, often changes hands not through force, ...
Continue Reading
Supply Chain Security: Trust Is the New Attack Surface
In February 2026, while participating in a panel at IT Expo, one statement kept resonating ...
Continue Reading
Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
Continue Reading
AI Agents: Clippy With Root Access
There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. ...
Continue Reading
Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
This is the second post in this series. Part I can be found here.
Continue Reading
Extract Secrets from Multiple Configuration Files Using Vim
You're SSH'd into a compromised Linux server during a penetration test. You've found the ...
Continue Reading
Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
An Introduction to Active Directory Certificate Services (AD CS) I am still pretty new to ...
Continue Reading
No Broadcast Traffic? No Problem! - NetExec SMB Slinky Module
As pentesters, tools such as Responder and Ntlmrelayx are great tools for capturing hashes or ...
Continue Reading
Annual Pentests Aren't Cutting It Anymore: Why Continuous Testing Beats Scrambling at Renewal Time
Let's be honest about something: if you're still relying on that once-a-year penetration test to ...
Continue Reading