PCI-DSS 4.0.1 - Proving Security: A Penetration Testing Series
The Illusion of Security In many organizations, there is a quiet confidence in the state of Security. Teams patch systems, complete vulnerability scans on schedule, and perform annual assessments with diligence. Reports are delivered, reviewed, and ultimately filed away as evidence that the right ...
Continue Reading
The AI Arms Race Just Went Public: What Project Glasswing Means for You
Anthropic's announcement this week isn't just a product launch. It's a public acknowledgment that ...
Continue Reading
The Secret Handshake – Covertly Redirecting Mobile Traffic to a Different Backend
Burp Suite |
penetration testing |
application security |
best practices |
mobile application testing
Normally while performing iOS or Android mobile application penetration tests, we request a custom ...
Continue Reading
Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
In Part 2, ESC1 – No One, Yet Everyone, we examined a misconfiguration that allows a low-privileged ...
Continue Reading
Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
“ Power in Active Directory, much like power in Westeros, often changes hands not through force, ...
Continue Reading
Supply Chain Security: Trust Is the New Attack Surface
In February 2026, while participating in a panel at IT Expo, one statement kept resonating ...
Continue Reading
Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
Continue Reading
AI Agents: Clippy With Root Access
There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. ...
Continue Reading
Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
This is the second post in this series. Part I can be found here.
Continue Reading
Extract Secrets from Multiple Configuration Files Using Vim
You're SSH'd into a compromised Linux server during a penetration test. You've found the ...
Continue Reading
Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
An Introduction to Active Directory Certificate Services (AD CS) I am still pretty new to ...
Continue Reading
No Broadcast Traffic? No Problem! - NetExec SMB Slinky Module
As pentesters, tools such as Responder and Ntlmrelayx are great tools for capturing hashes or ...
Continue Reading