The Adversarial AI Playbook: Breaking Spam Filters Through Model Extraction
Introduction Machine learning has become a cornerstone of modern cybersecurity defenses. From email filtering to malware detection, organizations increasingly rely on AI […]
Detecting M365 Attacks Using Microsoft Purview & UAL Logs
Detecting M365 Attacks Using Microsoft Purview & UAL Logs The diagram above illustrates the end-to-end pipeline for M365 attack detection: native M365 […]
Weaponizing Legitimate Flows: OAuth Token Abuse and Device Join Exploitation in Microsoft Entra ID – Part 2
Weaponizing Legitimate Flows: OAuth Token Abuse and Device Join Exploitation in Microsoft Entra ID – Part 2 Keywords: [OAuth Token Abuse, Device […]
Commit → Build → Pwn: Offensive Tradecraft for CI/CD Pipelines
Modern applications don’t get compromised in production. They get owned long before the first deployment tag is pushed. The Forgotten Attack Surface […]
Offensive Operations with AI: Using AI-Orchestrated Reconnaissance in Real Assessments
Introduction Offensive operations have always involved a lot of manual labour. Enumeration, correlation, attack surface analysis, and hypothesis testing often take more […]
When Passwordless Falls Back: Offensive Techniques Against Passkeys
INTRODUCTION A passkey is a cryptographic authentication credential that replaces passwords using public-key cryptography. More concretely: A passkey consists of a public–private […]
Weaponizing Legitimate Flows: OAuth Token Abuse and Device Join Exploitation in Microsoft Entra ID – Part1
Weaponizing Legitimate Flows: OAuth Token Abuse and Device Join Exploitation in Microsoft Entra ID – Part 1 Modern enterprise identity platforms like […]
The Anatomy of a Beacon Object File: From COFF Compilation to In-Memory Execution
The Anatomy of a Beacon Object File: From COFF Compilation to In-Memory Execution Introduction In modern red team operations, stealth is not […]
Cloud Security on Infinity : Attack-to-Defense Learning
Cloud Security on Infinity : Attack-to-Defense Learning Introduction: The Infinity Platform Infinity is a hands-on cybersecurity learning platform designed to reflect how […]
Become an Active Directory Red Team Specialist: Inside the AD-RTS Course
Become an Active Directory Red Team Specialist: Inside the AD-RTS Course Overview Active Directory powers identity, authentication and authorization across most enterprises […]
Defending the Future: Direct Prompt Injection & the LLM Vault Breach Challenge
Defending the Future: Direct Prompt Injection & the LLM Vault Breach Challenge Introduction Discover the fascinating world of direct prompt injection, a […]
Kerberos Demystified: How It Works, Why It Matters, and How to Defend Against Attacks
Kerberos Demystified: How It Works, Why It Matters, and How to Defend Against Attacks What is Kerberos? Kerberos is like a digital […]







































