Security Research & Insights
Technical deep-dives, vulnerability research, and insights from our offensive security experts.
CVE-2026-32096: When Documentation Becomes the Vulnerability
How insecure SNS subscription confirmation patterns in docs and sample code can lead to SSRF, and how that pattern led to CVE-2026-32096 in Plunk.
HITRUST Security for AI Systems (ai2): Requirements, Threats, and Web App Testing
HITRUST’s Security for AI Systems add-on layers ai1 or ai2 onto your CSF assessment: up to dozens of tailored AI statements. Here’s what that means for deployed GenAI, what assessors look for, and how to test AI-enabled web apps beyond a normal pen test.
Guardrails, Not Gatekeepers: How Platform Security Scales with Engineering
Platform security scales when you ship security guardrails and paved roads—not approval queues. Here’s how a shift left security platform team uses self-service controls, policy-as-code, golden pipelines, and strong developer experience, plus what to automate first.
TRAIN: The Regulation of Artificial Intelligence Now (EU AI Act)
A readable guide to the EU AI Act for providers, deployers, and SMEs: risk classes, operator roles, GPAI and systemic risk, key compliance dates through 2027, regulatory sandboxes, and practical steps before August 2026.
Turns Out the ‘AI Won’t Take My Job’ Slide Was a Mistake
In 2023 I wrote a post about a sort-order oracle that leaks a redacted password hash. In 2026 I handed the same lab to Claude Code with zero hints and watched it find the whole bug in 2 minutes.
So You Put Your Secrets in GitHub. Bold Move.
GitHub Actions often holds the keys to your entire infrastructure, yet rarely gets the scrutiny it deserves. This post walks through the two main attack paths: clone-and-scan for secrets in repo content and history, and workflow injection to exfiltrate secrets at runtime. It also gives practical steps to lock down your pipelines before a leaked token becomes a full compromise.
C2 from Scratch Part 2: Server & Deployment
Routing commands through the server, building CLI and GUI operators, generating implants on-the-fly, and packaging everything with Docker.
C2 from Scratch Part 1: Architecture, mTLS & Rust
A deep dive into building Avocado C2: designing the communication protocol, implementing mutual TLS, and writing a cross-platform implant in Rust.
React2Shell for Serverless Lambda Functions
Existing scanners miss CVE-2025-55182 in serverless Lambda deployments. While traditional RCE is blocked by Webpack bundling, the vulnerability enables Server Side JavaScript Injection (SSJI) that can exfiltrate AWS credentials, often more dangerous than shell access in cloud environments.
2026: The Year of the Vibecode
An observation of how vibe coding is going to reshape software creation in 2026 and beyond, and how the entire software engineering role will be redefined in the age of AI systems.
GCP Service Account That Read Everything
A short story about Artifact Registry reader access, container images, and why build history quietly leaks secrets.
Hawk: Credential Harvesting in WRCCDC
How a tiny ptrace bird turned into a credential avalanche. The story of building Hawk, a lightweight Golang tool that silently intercepts SSH and sudo credentials in real time, and why it dominates in competitive red team exercises.
Why Tech Giants Stay Tech Giants
When an incident strikes, organizations turn to those who know best, those that do it best. This article provides a singular example of how despite any sort of bad press, Tech Giants stay Tech Giants for a reason.
The Anatomy of a Phishing Landing Page
A research-driven look into how attackers construct phishing landing pages that mimic Microsoft federated login portals, and what defenders can do about it.
Platform Security's Game of Cat and Mouse
A case study on the ToolShell SharePoint exploit chain, exploring how persistent zero-days, patch delays, and organizational gaps turn platform security into an endless pursuit between attacker and defender.
Redshift Authentication is a UX Dumpster Fire
Redshift authentication sounds simple until you try to make it secure and usable at scale. This post dives into the broken state of IAM, in-database users, and the messy tradeoffs data and platform teams face daily.
Modernization of Misinformation
An analysis of how misinformation spreads in the digital age, examining the recent 16 billion password dataset discovery and how media outlets distorted the facts for sensationalism and clicks.
Hosting at Scale for $4/mo
715k requests in a week on a $4 VPS. Here's how we pulled it off with Cloudflare, Kubernetes, and a little obsession with optimization.
How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed
A step-by-step walkthrough of how I leveraged AI to analyze, understand, and exploit the Erlang SSH pre-authentication vulnerability (CVE-2025-32433) without any existing public proof of concept. Learn how AI is transforming vulnerability research and exploit development.
Ingress-NGINX RCE (CVE-2025-1974)
CVE-2025-1974 allows unauthenticated remote code execution in Kubernetes Ingress-NGINX by abusing unsanitized annotations. Dive deep into the vulnerability mechanics, proof-of-concept, real-world applicability, and mitigations.
Escaping the Sandbox: A Security Wake-Up
A case study on how a kernel vulnerability shattered assumptions about container security, exposing the need for deeper isolation and architectural redesign.
ML Evasion: Tricking AI Models
What is an evasion attack? How adversaries trick ML models with white-box, gray-box, black-box, and transfer attacks. Examples and code. From PlatformSecurity.
PCI DSS Pentesting: Requirements & Compliance
PCI DSS penetration testing: requirements, scope, who must comply, how to satisfy assessors. Requirement 11.3 explained. Practical guidance for PCI pentests.
How to Prepare for a Penetration Test
Get the most from your penetration testing engagement. A step by step guide to scope, access, contacts, and timing so your pen test delivers actionable results without surprises.
Pentesting vs Vulnerability Scanning: The Difference
Pentesting and vulnerability scanning are often confused. Learn the key differences, when to use each, and how they fit into a complete security program for networks, applications, and cloud.
Red vs Purple vs Blue Team: Which Do You Need?
Red team vs blue team vs purple team: what each does, when to use which, and how to choose. Compare offensive security, detection tuning, and when to get an assessment. Practical guide.
Cloud Security Checklist for CTOs
A practical cloud security checklist for technology leaders: what to fund first, how IAM, visibility, and blast-radius controls fit together, and how to avoid the usual multi-account and CI/CD traps—without pretending one afternoon of configuration fixes everything.
How to Choose a Security Company (and Avoid a Checkbox Pen Test)
A practical buyer’s guide to picking a security company that finds real risk, proves impact, and helps your engineers fix it—plus red flags, must-ask questions, and a scoping checklist.
Network Security for Modern Enterprise
Modern network security solutions go beyond firewalls. Explore zero trust, segmentation, and the importance of offensive testing in protecting enterprise infrastructure.
ZBT WE1626 Router CVEs (CVE-2022-45551)
A detailed analysis of three critical vulnerabilities discovered in the ZBT WE1626 Wireless Router, including unauthenticated remote code execution, insufficient debug interface protection, and UART interface vulnerabilities.
The Value of Offensive Security Services
Offensive security services help you find weaknesses before attackers do. Learn how penetration testing and red teaming provide measurable security improvements.
Building an AppSec Program (Part 1 of 4)
A comprehensive guide to building an application security program from the ground up, covering team structure, roles, metrics, KPIs, and best practices for scaling security with your organization.
Secure Systems Design: Best Practices
Building secure systems requires a proactive approach to architecture. Learn the core principles of security engineering and how to build resilience into your products.
Hawk's Prey: Snatching SSH Credentials
Introducing Hawk, a Golang tool for monitoring /proc to capture SSH, SU, Sudo, and Passwd credentials on Linux systems in real-time, designed for red team operations and network privilege escalation.
App Pentesting vs API Security Testing
Understand the differences between application penetration testing and API security testing. Learn why modern apps need both to protect against OWASP Top 10 and logic flaws.
RDS + AD Credentials via Python and JDBC
A guide to accessing hundreds of RDS databases at scale using Python, JDBC, and Active Directory credentials, with practical code examples and solutions.
Red Teaming in Incident Response
Red teaming services are not just about finding bugs. Learn how they help train your incident response team and improve your ability to detect and contain real world attacks.
NIST CSF 2.0: Updates and How to Prepare
Exploring the key updates in NIST CSF 2.0, including supply chain security, emerging technology risks, governance tiers, and enhanced risk management communication.
Hacking Android Apps With Frida
A practical guide to using Frida for dynamic analysis of Android applications, including how to intercept and extract AWS credentials from mobile apps.
Cloud Security Trends and Challenges in 2026
Explore the emerging trends in cloud security for 2026. From AI driven attacks to the importance of specialized cloud security services in protecting complex environments.
Pentesting for Startups: A Guide
Startups often put off security testing due to cost or speed. Learn why penetration testing is essential for early stage companies and how to scope a pen test that fits your budget.
Little Bug, Big Impact: $25K Bounty
How I discovered hardcoded Stripe API keys in JavaScript source maps, leading to a $25,000 bug bounty and critical security improvements.
Zero Day Research: Finding Unknown Vulns
Zero day research is the hunt for previously unknown security flaws. Learn how researchers find vulnerabilities and why this work is critical for securing modern software.
So You Found Auth0 Secrets, Now What?
A guide to exploiting Auth0 credentials discovered through LFI vulnerabilities, from generating JWT tokens to compromising Azure AD connections and escalating access.
Cyber Liability Insurance Cost Surge
Exploring the rising costs of cyber liability insurance, the data driving premium increases, and how organizations can navigate the complex landscape of cyber risk management.
Hacking SEO with AI-Generated Content
Learn how to leverage AI-generated content with GPT-4 and WordPress API to boost SEO rankings and drive traffic to your website through automated content creation.
DLL Sideloading: Legitimate Software Abused
How DLL sideloading works, how to find and abuse it, and how to detect it. Step-by-step Windows guide with Process Monitor and real red team examples.
Sorting Your Way to Stolen Passwords
A unique vulnerability that allows password hash extraction through sort-order inference, even when hashes are redacted, plus a character-by-character method to crack SHA256 hashes and a rate-limit-aware approach using rockyou.txt.
AWS CloudFormation Abuse to Full Environment Takeover
A detailed walkthrough of a privilege escalation attack chain exploiting AWS CloudFormation and IAM PassRole permissions to gain administrative access to an AWS environment.