Bruteforcing WPA 802.11r: a new module for HashCat
Previously, pentesting tools did not work with 802.11r hashes
Blog
Invisible attacks with bind mount
A technique much simpler than rootkit can make a malicious process invisible
Incidents 2025: MDR and IR Report
Combining MDR and IR statistics provides a better understanding of current and emerging threats
Yes, we can RCE via your AI agent OpenClaw
Overly autonomous LLM executes commands not requested by the user
How we patched PEAS and ensured Provisioning
If Exchange ActiveSync requires security policy agreement, PEAS still works
Attribution by Slang: Exposing Horabot
How our MDR team investigated a Brazilian hacker attack on Mexico
Accessing services through Kubernetes
K8s clusters can be an interesting target during a pentest
Incidents 2020-2025: Industry Statistics
What types of attacks are leading in different sectors in different years?
Hidden Tunnel: Proxying through WebSocket Secure
Another story of non-standard remote access
Attack with Four Remote Access Channels
Attackers used Velociraptor, VS Code Tunnel, Cloudflare Tunnel, and Zoho Assist
Scan2hive helps upload data to Hive
How we improved our work with Hexway Pentest Suite
How to detect Notepad++ attack
Attackers were distributing malware from Notepad++ update center
Bypassing authentication in Fortinet products via SSO
An attacker with a FortiCloud account can log in to other users’ FortiOS
Implementation of TCP transport for the Mythic agent
If Mythic agents communicate over HTTP(S), they are easy to detect
Cognitive Biases in SOC Analysts' Work
Anchoring effect, reasoning by analogy, and other logical errors
Disabling Windows Defender via symlink
Built-in antivirus could be switched off without any third-party software
Top-10 posts of PurpleShift in 2025
We selected posts that got the most likes