Vulnerability CVE-2025-47179 allows for full control over SCCM
An interesting experience in solving a pentesting task
How to prevent exploitation of a vulnerability in a popular image editing tool
Kubernetes API can reveal many secrets without authentication
A chain of events 4023 and 4021 from the same IP address means an attack
We found out which local LLMs are better at finding vulnerabilities
Severe vulnerability allows an unprivileged user to gain root
Fake RPC server can impersonate the security context of the calling client, up to SYSTEM
We found a vulnerability in a popular LLM agent
An attacker can take over the domain if automatic client push installation is enabled on the server
Previously, pentesting tools did not work with 802.11r hashes
A technique much simpler than a rootkit can make a malicious process invisible
Combining MDR and IR statistics provides a better understanding of current and emerging threats
Overly autonomous LLM executes commands not requested by the user
If Exchange ActiveSync requires security policy agreement, PEAS still works
How our MDR team investigated a Brazilian hacker attack on Mexico
K8s clusters can be an interesting target during a pentest
What types of attacks are leading in different sectors in different years?
Another story of non-standard remote access
Attackers used Velociraptor, VS Code Tunnel, Cloudflare Tunnel, and Zoho Assist