Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Building a Detection Foundation: Part 4 - Sysmon
Filling the Gaps Native Logging Can't
At this point in our series, we have Windows Security events capturing logon sessions and process creation, and…

Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found
Invisible password sprays. Invisible logins. Full tokens returned.
Nyxgeek here. It's 2026 and I've got two more Azure Entra ID sign-in log bypasses…

Better Together: Combining Automation and Manual Testing
When I started working in mobile application security in 2018, most testing was still largely manual. Since then, the ecosystem has exploded with scanners,…

LnkMeMaybe - A Review of CVE-2026-25185
A Windows shortcut (.lnk) seems very simple on the surface. It is a file that points somewhere and tells the system to open or execute a resource. A shortcut…

Building a Detection Foundation: Part 3 - PowerShell and Script Logging
The Second Most Important Data Source You're Probably Not Capturing
In Part 2, we enabled process creation logging with command lines. That's a big…

Building a Detection Foundation: Part 2 - Windows Security Events
The Audit Policies Nobody Configures
In Part 1, we looked at why relying on a single telemetry source is a recipe for blind spots. Now let's get practical.…

Building a Detection Foundation: Part 1 - The Single-Source Problem
If your EDR goes dark, can you still see the attack? In part one of a five-part series, we go through the risks of single-source visibility and why…

Notepad++ Plugins: Plug and Payload
Blink and you’ll miss it 🦎 In this blog, we explain how Notepad++ plugins can be leveraged for code execution and how to quietly blend into a trusted process.

Updated GSA Contractor CUI Protection Requirements
If you were expecting a CMMC-style rollout, GSA has other plans. In this blog, we explain how new CUI requirements can be inserted into GSA contracts…

Securing Entra ID Administration: Tier 0
Strong identity security starts at the top of the privilege stack. In this blog, we walk through how to identify, protect, and manage Entra ID’s most powerful…

Keys to JWT Assessments - From a Cheat Sheet to a Deep Dive
JWTs power modern authentication, but missteps are common. In this blog, we share a practical guide to assessing JSON Web Tokens—common weaknesses, testing…

MCP in Burp Suite: From Enumeration to Targeted Exploitation
MCP servers rely on SSE and WebSockets, which makes manual testing tricky. In this blog, we introduce MCP-ASD, a new Burp Suite extension designed to help…
