Commit → Build → Pwn: Offensive Tradecraft for CI/CD Pipelines
Modern applications don’t get compromised in production. They get owned long before the first deployment tag is pushed. The Forgotten Attack Surface […]
Offensive Operations with AI: Using AI-Orchestrated Reconnaissance in Real Assessments
Introduction Offensive operations have always involved a lot of manual labour. Enumeration, correlation, attack surface analysis, and hypothesis testing often take more […]
When Passwordless Falls Back: Offensive Techniques Against Passkeys
INTRODUCTION A passkey is a cryptographic authentication credential that replaces passwords using public-key cryptography. More concretely: A passkey consists of a public–private […]
Weaponizing Legitimate Flows: OAuth Token Abuse and Device Join Exploitation in Microsoft Entra ID – Part1
Weaponizing Legitimate Flows: OAuth Token Abuse and Device Join Exploitation in Microsoft Entra ID – Part 1 Modern enterprise identity platforms like […]
The Anatomy of a Beacon Object File: From COFF Compilation to In-Memory Execution
The Anatomy of a Beacon Object File: From COFF Compilation to In-Memory Execution Introduction In modern red team operations, stealth is not […]
Cloud Security on Infinity : Attack-to-Defense Learning
Cloud Security on Infinity : Attack-to-Defense Learning Introduction: The Infinity Platform Infinity is a hands-on cybersecurity learning platform designed to reflect how […]
Kerberos Demystified: How It Works, Why It Matters, and How to Defend Against Attacks
Kerberos Demystified: How It Works, Why It Matters, and How to Defend Against Attacks What is Kerberos? Kerberos is like a digital […]
Hack to Protect: The Art of Ethical Hacking
Hack to Protect: The Art of Ethical Hacking Introduction: Why Ethical Hacking Matters Think of ethical hacking as having a cybersecurity expert […]
Lateral Movement: A Guide to Multi-Hop Pivoting with Ligolo-ng
Modern networks are no longer flat or openly exposed. Sensitive systems are hidden deep behind layers of segmentation, making direct access nearly […]
Deploying DOTL: Turning Deception into Detection | Part-1
Deploying DOTL: Turning Deception into Detection | Part-1 Introduction: From Concept to Implementation In our first blog, we talked about how attackers […]
Outsmarting LOTL Attacks with DOTL: A Smarter Approach to Cyber Defense
Outsmarting LOTL Attacks with DOTL: A Smarter Approach to Cyber Defense Introduction Earlier cyberattacks mostly relied on external malware, custom-built tools or […]
Uncovering APT Strategies for Cloud Initial Access
Uncovering APT Strategies for Cloud Initial Access OVERVIEW As enterprises increasingly adopt hybrid or multi-cloud environments, adversaries have begun targeting these infrastructures […]
