Why the pentesting playbook doesn’t fit: belief, assumptions, and non-determinism
About the author Hussein Bahmad Hussein is a penetration testing manager in NVISO’s SSA team in which he manages a variety of application security projects. He plays an active role on the R&D team, focusing on AI and automation within the security assessment domain.
Ivanti EPMM ‘Sleeper Shells’ not so sleepy?
In late January 2026 an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile…
Capture the Kerberos Flag: Detecting Kerberos Anomalies
Kerberos is one of the most common protocols in organizations that utilize Windows Active Directory, and an essential part of…
An introduction to automated LLM red teaming
Introduction As large language models become increasingly embedded in production applications, from customer service chatbots to code assistants and document…
Rootless Containers with Podman
In modern digital infrastructure, containerization has become one of the most significant technologies, offering automation, portability, and resilience of services…
ConsentFix (a.k.a. AuthCodeFix): Detecting OAuth2 Authorization Code Phishing
ConsentFix (a.k.a.AuthCodeFix) is the latest variant of the fix-type phishing attacks, initially identified by Push Security. In this technique, the…
OWASP Top 10 2025 – A Pentester’s Perspective
Every three to four years, OWASP releases a new version of arguably its most famous project, the “OWASP Top Ten”.…
Something went wrong. Please refresh the page and/or try again.