Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
The Privileged Roles Nobody Talks About
Part 1: Why Your MDM Platform is a Tier 0 AssetThis is Part 1 of a two-part series on Intune security hardening. This post covers what we have seen in real…
CMMC Conditional Status - Contracting Without Compliance
The CMMC rollout is progressing. Contracts that require a CMMC Level 2 (Self) self-assessment have been circulating since the start of Phase 1 in November…
PCI DSS, Telephone Payments, and the Problems With VoIP
Turns out your VoIP system has some opinions about your PCI DSS compliance. Director of Advisory Services Chris Camejo breaks down who's affected and how to…
Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem
Same worm, different wave. In our new blog, Director of Security Intelligence Carlos Perez covers Shai-Hulud, how this supply-chain malware can eat your whole…
Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflows
1.1 IntroductionRalph is a solid tool that makes agents do…more. It's defined as: an autonomous AI agent loop that runs repeatedly until all PRD items are…
Finding Your Way on the Passkey Path
Ready to ditch passwords for good, but not sure where to start? Introducing Passkey Path, a choose-your-own-adventure guide to transitioning from passwords to…
Slamming the Door on Quick Assist Tech Support Scams and Abuse
Tech support scams are simple by design—just a trusted tool and a convincing story. We break down Microsoft Windows Quick Assist as an attack vector, detection…
GRC in an AI World - Staying in the Fast Lane Without Losing the Race!
Artificial Intelligence (AI) is the new buzz word on the streets. It’s becoming “the best thing since sliced bread” in the IT world and is being used by…
The Defensive Stack is Exposed: LLMs, Reverse Engineering, and the End of Opaque Defense
Everyone is talking about LLMs finding zero days. That is not the only story. The story is what happens when you point these models at the defensive tools…
ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution and NTLM Relay
TL;DR - If you have WriteGPLink on an Active Directory Organizational Unit (OU) and you’re on the same network segment as a computer within that OU, you can…
Kerberos with Titanis
In this article, I’ll walk you through the basics of Kerberos, how to use Titanis for the different parts, and how to mitigate some problems.Titanis SetupI use…
Mythos, Memory Loss, and the Part InfoSec Keeps Missing
InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like…
Loading...