Technical
Resources Blog

Technical

Keep up to date with the latest offensive security news, knowledge, and resources.
The Human Touch in the Era of AI: Why Pentesting Still Needs a Human in the Loop

The Human Touch in the Era of AI: Why Pentesting Still Needs a Human in the Loop

AI accelerates pentesting but human judgement close the gap. See how two real engagements turned quiet banners and a single timestamp into critical findings.
Self-Propagating XSS: When Widget Frameworks Become Worm Vectors in Multi-Tenant Platforms

Self-Propagating XSS: When Widget Frameworks Become Worm Vectors in Multi-Tenant Platforms

Discover how a self-propagating XSS worm exploits multi-tenant widget frameworks to autonomously spread across enterprise applications using legitimate API calls, bypassing CSP, evading audit trails, and surviving password changes.
Hook, Line, and Server

Hook, Line, and Server

MFA doesn't stop session cookie replay. Endpoint detection doesn't catch fileless malware without behavioral analysis. Here's the full post-phishing kill chain and what actually stops it.
Cracking NTLMv1 SSP With Rainbow Tables

Cracking NTLMv1 SSP With Rainbow Tables

Step-by-step walkthrough of cracking NTLMv1-SSP hashes with rainbow tables, including how to coerce auth, disable ESS, recover NT hashes, and remediate.
Vulnerability Hunting a Retired App Part 2 - From File Write to SYSTEM

Vulnerability Hunting a Retired App Part 2 - From File Write to SYSTEM

Discover how an unsanitized file write endpoint in Omega Enterprise Gateway escalates to SYSTEM-level code execution and what dead code reveals about real-world security bugs.
Context Is The Attack Surface

Context Is The Attack Surface

A successful prompt hack looks like your system working correctly for someone else. The mechanism that makes this possible is the same one you’re paying for.
1 2 3 4 5