We share our expertise to make the world a safer place.
InfoSec moves at a rapid pace and sometimes it’s hard to keep up—that’s where we enter the chat.

Discover current cybersecurity insights
Get vital information straight from the experts, without all the noise.

NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”
As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…

Attacking JWT using X509 Certificates
Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…

Security Noise - Episode 7.18
This week on Security Noise, we are hacking with AI! Listen as we discuss how AI can accelerate workflows, the pros and cons of using automation in penetration…

Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs
Drag a file, leak a hash. Learn how Chrome’s drag-and-drop API lets web apps initiate complex actions...and with some social engineering, it can also trigger…

Hunting Deserialization Vulnerabilities With Claude
In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP). Setup: Before we can start vibe hacking, we…

Common Mobile Device Threat Vectors
Mobile devices are a must-have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data.…

Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?
Another year, another vuln… It's that time again. Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could…

So You Wanna Be a Hacker? Starting Your InfoSec Career
Join Principal Security Consultant Adam Compton and Senior Security Consultant David Boyd as they demystify the cybersecurity career landscape, from red…

Teaching a New Dog Old Tricks - Phishing With MCP
As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it…

Security Noise - Episode 7.17
On this episode of the Security Noise podcast we talk to Sean Metcalf about Active Directory, Entra ID, DS, and more in the identity security space. Sean…

Apples, Pears, and Oranges: Not All Pentest Firms Are the Same
Penetration testing is not a commodity service. If you are a procurer of penetration tests and have ever received wildly different quotes for the "same"…

AppSec Cheat Sheet: Session Management
Session Management Testing - Cookies: The Cheat Sheet section is for quick reference and to make sure steps don’t get missed. The Learn section is for those who…
