Offensive research, threat analysis, and war stories from the field. No fluff. No vendor marketing.
How modern endpoint detection and response products handle userland hooking — and why indirect syscalls remain one of the most reliable bypasses in our toolkit.

A deep-dive into a previously undocumented threat actor targeting French defence contractors, including full IOC list, C2 infrastructure analysis and MITRE ATT&CK mapping.

GraphQL's batching feature is almost universally misconfigured. We walk through how we used it to enumerate users, bypass rate limiting and eventually achieve account takeover.