Try new things. Bias towards novelty within the space of feasible solutions. Fight the impulse to copy designs verbatim. Every major system was just a half-baked idea in someone's head at some point.
Starred Articles
We introduce LLMReaper, a proof-of-concept Chrome extension demonstrating passive DOM-based exfiltration of AI conversations using MutationObserver, no special permissions, no network interception. Captured conversations are scanned in real-time for exposed API keys, OAuth tokens, JWTs, cloud credentials, and passwords, then exfiltrated via service worker to bypass Same-Origin Policy.
Mythos found a 17-year-old FreeBSD RCE; AISLE reproduced it with gpt-5.4-nano via their nano-analyzer pipeline. I ran the pipeline on two local open-weight models, gpt-oss-20b and gemma-4-31b-it. The misses recovered on re-run. The real problem was the false-positive rate, and one extra system stage cut it from 30 to 5 with the CVE still standing.
In this article, I will explain a vulnerability in Claude Code's GitHub Actions that could allow an attacker to compromise any repository that uses the Claude Code workflow, including Anthropic's own repositories.
Bypassing EDR in a Crystal Clear Way
04/27/2026This blog takes you from how C2 payloads actually work under the hood all the way to building a fully evasive reflective loader that bypasses one of the best EDR's, covering module overloading with .pdata registration, NtContinue entry transfer, API call stack spoofing with Draugr, sleep masking, and Crystal Palace YARA signature removal.
Codex Discovered a Hidden HTTP/2 Bomb
06/01/2026We’re publishing HTTP/2 Bomb, a remote denial-of-service exploit against most major web servers triggered by chaining two techniques known for a decade: a compression bomb and a Slowloris-style hold.
New Articles
This is Part 1 of a two-part series on Intune security hardening. This post covers what we have seen in real world attacks, why platform administration roles are systematically underprotected, and what controls you need in place.
Investigating suspicious AI workflows in Microsoft Entra Agent ID - Part 1: Autonomous agents
05/26/2026In this series, we will investigate three potentially suspicious behaviors originating from each of Microsoft’s Entra Agent ID supported agent workflow. This first part will focus on an autonomous agent made unauthorized changes to the Entra tenant that could be used to perform privilege escalation and persistence.
Tycoon 2FA bypasses MFA on Entra ID and Google Workspace. We map telemetry fingerprints, ship detection rules, and contain incidents in under 10 seconds.
We explain how to use an LLM‑driven with VirusTotal‑guided feedback loop to automatically hunt and modify the strings, imports, and Go runtime metadata that trigger EDR detections. By treating VT results as an oracle and iterating with a Claude skill, we transform a flagged binary into a clean‑looking one without manual code rewrites.
Password Autofill Abused via HTML Injection
05/31/2026We detail how we turned a reflected HTML injection under a strict CSP into full credential theft by chaining password autofill with Referer header leakage.
Download pumping: How threat actors use new npm deception technique in supply chain attacks
05/27/2026In this article, we explain how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate.
When tracing a route, devices reveal their interface addresses: a router whose TTL expires sends ICMP Time Exceeded, while the destination host replies to the probe itself with ICMP Destination Unreachable, SYN-ACK, or TCP RST, depending on its type. We leverage these behaviours to optimize network scanning and map subnets behind filters.
Breaking encryption schemes the lazy way
05/27/2026File name decryption with Claude Code: how encrypted file names were reverse-engineered in a DragonForce ransomware case.
We detail a real‑world exploit in which a Next.js app mirrors incoming request headers into its responses; by abusing the RSC endpoint, overriding the Content‑Type to text/html, and poisoning the Cloudflare cache, we chain two cache‑poisoning steps (one injecting a malicious HTML payload, the other using a Refresh header) to achieve a reliable zero‑click stored XSS.
The Lowdown on Lateral Movement
05/27/2026The aim of this blog post is to highlight the lateral movement ATT&CK category as one that presents network defenders with a myriad of issues in the context of threat detection and response. Although difficult to wrangle, using data source analysis combined with intelligent alerts, authentication and network layer telemetry, network defenders posses the necessary tools required to identify and act on malicious lateral movement.
Security research on a local event-storm condition that makes Trend Micro Deep Security Agent unload and reload bmhook/tmhook, creating a repeatable protection bypass window.
A vulnerability in VSCode WebView makes it possible for an, attaxcker, just by clicking a link, to steal a GitHub token that can read and write to your repos, including private ones.
We detail CIFSwitch (CVE‑2026‑46243), a Linux local‑privilege‑escalation flaw in the CIFS kernel client’s handling of cifs.spnego key descriptions: an unprivileged process can forge a key description that launches the privileged cifs.upcall helper, forces it into an attacker‑controlled namespace, and loads malicious NSS modules to obtain root
A reverse-engineering writeup on turning Lenovo's published BIOS archive into something structured enough to drive coreboot ports, Hackintosh skeletons, GPIO security audits, and CVE-level firmware diffs - without owning the hardware, and without folklore.
CVE-2026-4387: StrongDM State File Reuse
05/31/2026We detail CVE-2026-4387, a vulnerability in StrongDM that would allow an attacker to transfer state files, which hold session authentication information, between hosts to provide authenticated sessions. Reusing the state file will result in an authenticated session and access to infrastructure.
Bypassing Windows Defender and AMSI: A Practical Defense Evasion Guide for Red Team Operators
06/01/2026A practical, layer-by-layer walkthrough of modern Windows defense evasion for red team operators: the architecture of Microsoft Defender, three generations of AMSI bypass (classic patching, hardware breakpoints, AMSI Write Raid), ETW silencing, AppLocker bypass with built-in LOLBins, and how to stitch them into a working kill chain - plus what blue teams can still detect.
Local Windows accounts remain a challenge during incident response. This blog details the steps to build a single script that will help responding to incidents in which local accounts are used in the attach chain.
We found that the same NTLM leakage primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. A single link click can leak a user's NTLMv2 hash to an attacker-controlled server before Windows even renders an error message.
We identified a dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportunities to help organizations identify and disrupt related activity.
How to Evaluate an npm Package
05/28/2026Stars and downloads tell you about popularity, not safety. Here's a practical checklist for evaluating an npm package's security, reliability, and long-term maintenance in 2026.
CVE-2026-31431 (Copy Fail) lets any unprivileged user corrupt the Linux page cache via AF_ALG sockets to escalate privileges. This post covers the exploit mechanics and how we used coding agents to ship a detection content pack in a single session.
Nimbus RAT: How Threat Actors Are Abusing Microsoft Teams and Google Drive to Deploy a Java RAT
05/28/2026We identified an intrusion relying on Microsoft Teams voice phishing (vishing) to deceive the victim into granting remote access via Quick Assist. Threat actor then deployed a Java-based remote access trojan (RAT).
The plugin that lets Kubernetes encrypt its Secret objects at rest with AWS KMS could be crashed by anyone who could talk to its local socket with a two-byte gRPC request
In this post, I want to walk through a request smuggling bug chain affecting Azure Front Door. Using a malformed or confusing GET request, a smuggled Host header, and Azure's own error page rendering, it leads to caching an XSS payload that would be delivered to the next user.
Installation of a Syslog Log Collector
05/24/2026We provide step-by-step guidelines to setup a fully functionnal Syslog Log Collector relying on rsyslog, syslog-ng, logstash, filebeat, elastic agent and vector.
RedSun: Exploiting Windows Defender's Remediation Workflow for Local Privilege Escalation
05/31/2026A technical deepdive into RedSun (CVE-2026-41091), a local privilege escalation vulnerability in Windows Defender's file remediation workflow.
Sliver into WebAssembly: Inside WasmForge
06/03/2026In this article, we expose how compiling Sliver into WebAssembly beats EDR and introduce WasmForge, a tool that produces opsec-safe binaries with zero changes to the tool source.
We explain how LLMs use control tokens, instruction hierarchy, and prompt templates to power agentic AI systems, and how attackers exploit these same mechanisms through prompt injection and control token spoofing.
Oldies but Goodies
A simple, real-world guide to understanding OAuth, its key players, grant types, token flows, and security pitfalls developers often miss.
From MFA enforcement to token handling and misconfiguration checks, this guide walks you through how to secure your Auth0 apps against real-world attacks.
Testing WebSocket for Vulnerabilites
10/14/2025A practical guide to understanding WebSockets, from the initial HTTP handshake to building full-duplex connections, and the critical vulnerabilities that developers and pentesters must look for.