Red Teaming
AD exploitation, lateral movement, persistence, defense evasion — MITRE ATT&CK aligned playbooks.
Defending LLM Applications: The 6-Layer Stack
Layered defence for production LLM applications — input filter, prompt hardening, output filter, tool/agent constraints, rate limiting, monitoring. Architectural bounding via capability…
Red TeamingLLM Red-Teaming Methodology in 2026
LLM red-team workflow — OWASP LLM Top 10, scoping, direct prompt injection, indirect injection, sensitive info disclosure, excessive agency, DoS. Tools: PyRIT,…
Red TeamingPrompt Injection: Direct vs Indirect Attacks
Prompt injection variants — direct (user jailbreaks), indirect (malicious instructions in processed content). Real attack examples, encoding bypasses, multi-turn manipulation, RAG-based injection.…
Red TeamingAI Agent Security: Securing Autonomous LLM Systems
AI agent attack surface — prompt injection via tool inputs (RCE-equivalent), tool chaining for escalation, excessive permissions, state-persistence attacks. Capability separation +…
Red TeamingCitrixBleed (CVE-2023-4966): Why Patching Wasn’t Enough
CitrixBleed leaked active session tokens that survived patching — post-patch session hijacking persisted for weeks. The bug, IoCs, the required session-termination playbook,…
Red TeamingIvanti Connect Secure 2024 CVEs: Mass Exploitation and Lessons
CVE-2023-46805 + CVE-2024-21887 chained for unauthenticated RCE on Ivanti VPN. Mass-exploited within hours by nation-state and ransomware actors. IoCs, the 7-step IR…
Red TeamingFortinet FortiGate CVEs: The Edge-Device Attack Surface Pattern
Fortinet's recent CVE history (2022-40684, XORtigate, 2024-21762, FortiManager 23113 / 47575) shows the structural risk of edge devices. IoCs, mitigation pattern, and…
Red TeamingOSINT Methodology for Pentesters: The 2026 Toolchain
Practitioner OSINT methodology — subdomain enumeration with subfinder/amass, live discovery with httpx, vulnerability scanning with nuclei, people enumeration with theHarvester, GitHub secrets…
Red TeamingSubdomain Enumeration Deep-Dive: Beyond subfinder
Senior subdomain enumeration — passive sources (CT logs, DNS aggregators), active brute-force with smart wordlists, JS-file analysis, cloud-asset patterns, subdomain takeover hunting.…
Red TeamingSock Puppet Accounts for OSINT Investigations: OPSEC and Ethics
Operational sock puppet accounts for OSINT — the OPSEC stack (browser profile, VPN, email, phone, fingerprint), believable persona building, attribution mistakes, legal/ethical…