Technical deep-dives into vulnerabilities, offensive techniques, and the lessons we've carried out of real engagements.
All notes
A deep dive into unconstrained Kerberos delegation abuse — how we leveraged a misconfigured print server to capture a Domain Controller TGT and achieve full domain compromise in under 4 hours.
How a blind SSRF in a document processing API allowed us to reach the cloud metadata endpoint, steal IAM credentials, and achieve remote code execution on internal infrastructure.
GraphQL APIs introduce unique security challenges. We cover the five most common vulnerabilities we find during API pentests — from introspection leaks to nested query DoS attacks.
Despite advances in EDR and email security, initial access remains achievable. We share the techniques that consistently succeed during our red team engagements — and how defenders can stop them.
Certificate pinning is a common defense against MITM attacks on mobile apps. We demonstrate multiple bypass techniques across iOS and Android, and discuss what actually works for defenders.