Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Large Workflows with Local LLMs
As it turns out, local LLMs have a few opinions about large workflows. In this blog, we walk through the scaling challenges of local LLMs and the custom Python…

Modern Web Application Content Discovery
Staring at a web app with no links and no navigation? In this blog, we break down modern content discovery, from forced browsing and web crawling to Google…

JQ for Hackers
Grey-bearded hackers and sysadmins still reaching for cut and CSV files, this one's for you. In this blog, we break down jq and why it's time to embrace JSON.

JS-Tap v3: Endpoint Post-Exploitation With JavaScript Implants
JavaScript escaped the browser. JS-Tap v3 followed it. In this blog, we introduce three new beacons targeting the Electron apps, browser extensions, and Node…

Hardening Intune: The Implementation Guide
Now that we've identified the blind spot, here's how to fix it. In Part 2 of our blog series, we deliver a phase-based implementation guide to hardening…

How to Train Your (Dragons) Analysts - A TrustedSec Guide to Picking the Perfect Purple Team
Your analysts are your strongest defenders, but do they have what they need to keep up? In this blog, we break down TrustedSec's Purple Team assessments and…

The Privileged Roles Nobody Talks About
MDM admins can deploy apps, or wipe every device in your fleet. Yet most treat them like standard IT roles. In Part 1 of this blog series, we break down the…

CMMC Conditional Status - Contracting Without Compliance
CMMC Conditional Status gives defense contractors breathing room, exactly 180 days of it. In this blog, we break down who qualifies, what's required to achieve…

PCI DSS, Telephone Payments, and the Problems With VoIP
Turns out your VoIP system has some opinions about your PCI DSS compliance. Director of Advisory Services Chris Camejo breaks down who's affected and how to…

Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem
Same worm, different wave. In our new blog, Director of Security Intelligence Carlos Perez covers Shai-Hulud, how this supply-chain malware can eat your whole…

Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflows
1.1 Introduction Ralph is a solid tool that makes agents do…more. It's defined as: an autonomous AI agent loop that runs repeatedly until all PRD items are…

Finding Your Way on the Passkey Path
Ready to ditch passwords for good, but not sure where to start? Introducing Passkey Path, a choose-your-own-adventure guide to transitioning from passwords to…
