Physical Access Is Still the Fastest Path to Domain Admin
Three hours. That's how long it took to go from standing outside a data center fence to dumping domain credentials from a VSS shadow copy. Not three days. Not three weeks of patient phishing campaigns and careful lateral movement. Three hours, start to finish, in broad daylight. The Setup: A client hired us for a physical target assessment of a remote data center. The engagement included a network penetration test component, but with a catch—we only got to touch the network if

Red Cell Security Operations Team
Jan 27 · 15 min read


Heads Down in the Trenches: Tool Development and End-of-Year Offensive Work
It's been a few weeks since my last post. I've been busy. The end of the year always seems to get us. Organizations are scrambling to close out projects that have been lingering for months, budgets are coming to a close, and with that comes an influx of high-priority, short-notice work. Sleep becomes optional. Most of my time has been spent on offensive technical work: external / internal penetration tests and public-facing web application testing. With that comes tool develo

Red Cell Security Operations Team
Dec 20, 2025 · 11 min read


The Burnout Blueprint: How Security Teams Self-Destruct (And Why Leadership Lets It Happen)
I found this list a few months back while doing disaster operations training. I volunteer with the American Red Cross as a State Relations Disaster Liaison; it's what I do when I'm not doing security work. Some of the training material had this piece of dark satire buried in it, probably aimed at disaster responders or emergency workers. I wish I could remember where exactly it came from so I could credit whoever wrote it. Here's why it stuck with me: I read through it and re

Red Cell Security Operations Team
Oct 23, 2025 · 4 min read


Your Red Team and Blue Team Don't Talk. That's Why You Keep Getting Breached.
Last week I watched something that happens constantly in our industry. A client's blue team was investigating suspicious traffic. Nothing crazy—just odd patterns in their Splunk. Meanwhile, their red team was two floors up running a pentest using the exact same techniques the blue team was tracking. Nobody told anyone. The teams don't talk. Real attackers don't work in silos. They run automated recon, exploit vulnerabilities in real-time and adapt to your defenses faster than

Red Cell Security Operations Team
Oct 14, 2025 · 11 min read


Cybersecurity Threat Intelligence Requirements Framework: IRs, PIRs, and SIRs
The threat intelligence lifecycle begins with defining what information you actually need to collect. Intelligence Requirements form a hierarchical framework for organizing and prioritizing information gathering needs within cybersecurity threat intelligence operations. This three-tiered approach—Intelligence Requirements, Priority Intelligence Requirements, and Specific Intelligence Requirements—ensures systematic collection and analysis of relevant threat data throughout th

Red Cell Security Operations Team
Sep 17, 2025 · 19 min read


Most Small Business Owners Are Flying Blind (And It's Killing Them)
I'm stepping away from my usual security-focused content today to address something dire that affects every small business owner - something I witnessed firsthand that left me genuinely shaken. I was at a networking event recently with about 30 small business owners. At one point during the presentations, a CPA asked everyone in the room a simple question: "How many of you actively track your profit and loss statements?" Less than half the room raised their hands. Let that si

Red Cell Security Operations Team
Sep 9, 2025 · 10 min read


The AI Arms Race: Why Attackers Are Already Winning (And How to Catch Up)
Last week, I was sitting across from a CISO at a Fortune 500 company when he said something that made me pause: "We're just starting to explore AI for our security operations. It's exciting to think about the possibilities." I had to break some bad news to him. While his team was "exploring possibilities," the attackers targeting his organization had been weaponizing AI for the better part of a decade. Let me share what I've been seeing in the field. The gap between offensive

Red Cell Security Operations Team
Sep 8, 2025 · 10 min read


The Small Business Cybersecurity Survival Guide
A practical guide for protecting your business without breaking the bank or hiring an IT team. Your Business Is More Vulnerable Than You Think: In October 2023, First Choice Dental in Wisconsin discovered that ransomware attackers had encrypted their patient files and were demanding payment to release them. The attackers had gained access to their computer network and stolen personal information from 228,287 dental patients over just two days. The practice had to take their e

Red Cell Security Operations Team
Aug 29, 2025 · 11 min read


Small Business Cybersecurity Implementation Checklist
90-Day Roadmap with NIST Cybersecurity Framework Maturity Assessment. Company Name: _____________________ Assessment Date: ___________________ Completed By: ______________________ How to Use This Checklist: This checklist follows a 90-day implementation timeline and maps to the NIST Cybersecurity Framework (CSF) functions: Identify, Protect, Detect, Respond, and Recover. NIST CSF Maturity Levels: Level 1 - Partial: Ad hoc, reactive security practices. Level 2 - Risk Informed: Risk

Red Cell Security Operations Team
Aug 29, 2025 · 8 min read


Highlands Oncology Group - When Security Fixes Fail
When you look at what happened to Highlands Oncology Group, you're seeing a textbook example of how security failures compound over time. This Arkansas-based cancer care provider was hit twice in less than two years. The second attack was more than double the size of the first. What makes this case particularly concerning is the pattern we see repeatedly in healthcare: implementing tactical fixes after a breach without addressing the underlying security architecture pr

Red Cell Security Operations Team
Aug 18, 2025 · 8 min read


Defending Against RF Reconnaissance - Why Detection is Critical for Modern COMSEC Programs
Radio frequency scanning has long been a cornerstone of signals intelligence operations, from World War II codebreaking efforts to modern military and law enforcement surveillance. What was once the exclusive domain of government agencies and sophisticated adversaries has now become accessible to a broader range of threat actors through commercial software-defined radios and readily available scanning equipment. As organizations increasingly rely on radio communications for s

Red Cell Security Operations Team
Aug 3, 2025 · 10 min read


When Energy Meets Instability: The Total Security Challenge in Mozambique's $20 Billion LNG Restart
I've been watching the energy security space for years, but this week's news from Mozambique caught my attention in a way that should concern every security professional. TotalEnergies just announced they're restarting their massive $20 billion LNG project this summer. This is the same project they were forced to abandon in 2021 when insurgent attacks made operations impossible. Now, you might be thinking this is just another story about corporate resilience or energy market

Red Cell Security Operations Team
Jul 26, 2025 · 6 min read


The Theater of Physical Security: What Indonesia Teaches Us About Real vs. Perceived Protection
We're in Indonesia again for a few weeks doing some work as well as getting some much-needed R&R. While the archipelago nation offers incredible cultural experiences and stunning landscapes, it also provides a sobering reminder of how geopolitical instability can expose the theatrical nature of physical security measures worldwide. The Current Climate: Unrest Beneath the Surface. Indonesia's political landscape has grown increasingly volatile in recent months. Student-led prot

Red Cell Security Operations Team
Jul 13, 2025 · 9 min read


Lessons in Sunburn, Surveillance, and Security Gaps
Over the last few weeks, we’ve been off the radar—but for good reason. Our team was deep in Latin America conducting forced entry prevention training and executing site assessments across three countries. It was a high-tempo, high-stakes stretch of work that spanned military installations, critical infrastructure, and some long days in the sun with very little time in the rack. The kind of work we do in the field doesn’t just test our endurance—it constantly reinforces how la

Red Cell Security Operations Team
Jun 19, 2025 · 20 min read


Why IT Shouldn't Own Physical Security: A Risk-Based Perspective
Recently, Verkada—a major player in cloud-based surveillance and access control—asserted that IT departments should own physical security. While this claim might resonate with buyers of cloud-native technologies, it reflects a narrow understanding of what physical security truly entails. Verkada appears to conflate physical security with just two of its components: cloud-connected cameras and badge readers. That’s a fraction of the equation. There’s growing momentum around th

Red Cell Security Operations Team
May 30, 2025 · 11 min read


Weimar+ - Europe's Strategic Pivot and What It Means for U.S. Companies
European powers are making their intentions clear. Over the past few days, something significant has taken shape across the Atlantic: the creation of "Weimar+," a newly expanded alliance formed by Germany, France, Poland, the United Kingdom, and Italy. This isn't just another diplomatic bloc. It's a direct response to what many European leaders view as strategic ambiguity from the U.S. when it comes to Ukraine. And while this might sound like a distant European affair, the ri

Red Cell Security Operations Team
May 27, 2025 · 4 min read


Strengthening Physical Security Standards in Data Centers
We didn’t have a plan—but honestly, it's hard to plan for these things when you get the target location address only 24 hours before go-time. No time for recon, no time for deep intel collection. Just show up, adapt, and execute. It wasn’t impossible, just difficult. The outer perimeter? Practically nonexistent. You could walk up to the building and kiss it. We probed the front entry a few times. Our cloned badge worked at the first door—thanks to a lift we did on an employee

Red Cell Security Operations Team
May 21, 2025 · 5 min read


EU Doubles Down on Cyber Sanctions - What It Means for Global Cybersecurity Operations
On May 12, 2025, the European Council formally extended its cyber sanctions regime through May 18, 2028. This move reinforces the EU’s stance that cyberattacks which threaten international stability, democratic institutions, or critical infrastructure are not just criminal acts—they’re geopolitical weapons. As global cyber operations increasingly intersect with nation-state conflicts, this extension signals a strategic shift: nations are no longer content with passive cyber d

Red Cell Security Operations Team
May 12, 2025 · 8 min read


Introducing Sidikjari: Metadata Extraction for Cybersecurity Professionals
Introducing Sidikjari: Advanced Metadata Extraction for Cybersecurity Professionals. Metadata analysis is a crucial part of security assessments, but it can be tedious and time-consuming. That's why we developed Sidikjari, a Python-based tool that automates metadata extraction and analysis for security professionals. It's designed to streamline intelligence gathering during penetration tests, security audits, and digital forensics work. What is Sidikjari? Sidikjari (developed

Red Cell Security Operations Team
May 9, 2025 · 3 min read


macchanger
🧙‍♂️ Introducing macchanger: Finally, a MAC Spoofing Tool That Works on Windows 11. Spoiler: Yes, we know the name’s been used before. No, we don’t care — this one actually works on modern Windows. 💡 Why We Built It: During recent physical security engagements, we kept running into the same problem: MAC spoofing tools that just don't work on Windows 11. Either they would: Crash on startup, Throw cryptic driver errors, Or worse — fail silently while we thought we were stealthy

Red Cell Security Operations Team
May 5, 2025 · 3 min read