Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Why is this Finding on my Pentest Report?
Understanding the Value of Findings Clients Often QuestionIn some report readouts, we may encounter situations where a client looks at a web application report…
Hiding in the Shadows: Covert Tunnels via QEMU Virtualization
Attackers are getting increasingly creative—not just with their payloads, but with how they deliver and operate them. In a recent Incident Response engagement,…
HIPAA, HITECH, and HITRUST - It’s HI Time to Make Sense of it All
Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all…
Azure's Front Door WAF WTF: IP Restriction Bypass
The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse?…
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…
Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide
In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…
NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”
As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…
Attacking JWT using X509 Certificates
Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…
Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs
Figure 1 - We take our work very seriously. Capturing Hashes with DragonHashChromium-based browsers have an odd feature set that allows extensive drag-and-drop…
Hunting Deserialization Vulnerabilities With Claude
In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP).SetupBefore we can start vibe hacking, we…
Common Mobile Device Threat Vectors
Mobile devices are a must have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data.…
Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?
Another year, another vuln…It's that time again.Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could…
Why is this Finding on my Pentest Report?
Understanding the Value of Findings Clients Often QuestionIn some report readouts, we may encounter situations where a client looks at a web application report…
Hiding in the Shadows: Covert Tunnels via QEMU Virtualization
Attackers are getting increasingly creative—not just with their payloads, but with how they deliver and operate them. In a recent Incident Response engagement,…
HIPAA, HITECH, and HITRUST - It’s HI Time to Make Sense of it All
Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all…
Azure's Front Door WAF WTF: IP Restriction Bypass
The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse?…
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…
Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide
In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…
NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”
As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…
Attacking JWT using X509 Certificates
Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…
Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs
Figure 1 - We take our work very seriously. Capturing Hashes with DragonHashChromium-based browsers have an odd feature set that allows extensive drag-and-drop…
Hunting Deserialization Vulnerabilities With Claude
In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP).SetupBefore we can start vibe hacking, we…
Common Mobile Device Threat Vectors
Mobile devices are a must have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data.…
Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?
Another year, another vuln…It's that time again.Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could…