Ivanti EPMM ‘Sleeper Shells’ not so sleepy?
In late January 2026 an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) was published. Shortly after reports (in example by tenable) mentioned publicly available proof-of-concept exploits. On 09th February 2026, Defused published a blog post mentioning a specific webshell being deployed on EPMM devices via thisโฆ
Capture the Kerberos Flag: Detecting Kerberos Anomalies
Kerberos is one of the most common protocols in organizations that utilize Windows Active Directory, and an essential part ofโฆ
An introduction to automated LLM red teaming
Introduction As large language models become increasingly embedded in production applications, from customer service chatbots to code assistants and documentโฆ
Rootless Containers with Podman
In modern digital infrastructure, containerization has become one of the most significant technologies, offering automation, portability, and resilience of servicesโฆ
ConsentFix (a.k.a. AuthCodeFix): Detecting OAuth2 Authorization Code Phishing
ConsentFix (a.k.a.AuthCodeFix) is the latest variant of the fix-type phishing attacks, initially identified by Push Security. In this technique, theโฆ
OWASP Top 10 2025 – A Pentester’s Perspective
Every three to four years, OWASP releases a new version of arguably its most famous project, the โOWASP Top Tenโ.โฆ
Integrating Abuse Case Scenarios to Improve Authorization Testing
Introduction In many penetration testing assessments, it is common to encounter applications that support multiple user roles, such as admin,โฆ
Something went wrong. Please refresh the page and/or try again.