Blog

Research & Insights

Technical deep-dives into vulnerabilities, offensive techniques, and lessons learned from real-world security engagements.

FeaturedWeb Security

Breaking JWT Authentication: Algorithm Confusion Attacks in the Wild

We walk through a real-world JWT algorithm confusion vulnerability that allowed us to forge admin tokens on a multi-tenant SaaS platform, bypassing authentication for 2,400+ organizations.

12 min readRead full article

All Posts

Active Directory15 min read

From Print Server to Domain Admin: Kerberos Delegation Abuse

A deep dive into unconstrained Kerberos delegation abuse — how we leveraged a misconfigured print server to capture a Domain Controller TGT and achieve full domain compromise in under 4 hours.

Read more
Cloud Security10 min read

SSRF to RCE: Exploiting Cloud Metadata Services in Production

How a blind SSRF in a document processing API allowed us to reach the cloud metadata endpoint, steal IAM credentials, and achieve remote code execution on internal infrastructure.

Read more
API Security8 min read

GraphQL Under Siege: 5 Critical API Security Pitfalls

GraphQL APIs introduce unique security challenges. We cover the five most common vulnerabilities we find during API pentests — from introspection leaks to nested query DoS attacks.

Read more
Red Team14 min read

Red Team Playbook: Initial Access Techniques That Still Work in 2026

Despite advances in EDR and email security, initial access remains achievable. We share the techniques that consistently succeed during our red team engagements — and how defenders can stop them.

Read more
Mobile Security11 min read

Bypassing Certificate Pinning in Modern Mobile Applications

Certificate pinning is a common defense against MITM attacks on mobile apps. We demonstrate multiple bypass techniques across iOS and Android, and discuss what actually works for defenders.

Read more

Need a security assessment?

Our research informs our offensive services. Let us put this expertise to work testing your defenses.

Get in Touch