


Physical Access Is Still the Fastest Path to Domain Admin
Three hours. That's how long it took to go from standing outside a data center fence to dumping domain credentials from a VSS shadow copy. Not three days. Not three weeks of patient phishing campaigns and careful lateral movement. Three hours, start to finish, in broad daylight. The Setup A client hired us for a physical target assessment of a remote data center. The engagement included a network penetration test component, but with a catch—we only got to touch the network if
Keith Pachulski
4 days ago · 15 min read


Heads Down in the Trenches: Tool Development and End-of-Year Offensive Work
It's been a few weeks since my last post. I've been busy. The end of the year always seems to get us. Organizations are scrambling to close out projects that have been lingering for months, budgets are coming to a close, and with that comes an influx of high-priority, short-notice work. Sleep becomes optional. Most of my time has been spent on offensive technical work: external / internal penetration tests and public-facing web application testing. With that comes tool develo
Keith Pachulski
Dec 20, 2025 · 11 min read


The Burnout Blueprint: How Security Teams Self-Destruct (And Why Leadership Lets It Happen)
I found this list a few months back while doing disaster operations training. I volunteer with the American Red Cross as a State Relations Disaster Liaison; it's what I do when I'm not doing security work. Some of the training material had this piece of dark satire buried in it, probably aimed at disaster responders or emergency workers. I wish I could remember where exactly it came from so I could credit whoever wrote it. Here's why it stuck with me: I read through it and re
Keith Pachulski
Oct 23, 2025 · 4 min read


Your Red Team and Blue Team Don't Talk. That's Why You Keep Getting Breached.
Last week I watched something that happens constantly in our industry. A client's blue team was investigating suspicious traffic. Nothing crazy—just odd patterns in their Splunk. Meanwhile, their red team was two floors up running a pentest using the exact same techniques the blue team was tracking. Nobody told anyone. The teams don't talk. Real attackers don't work in silos. They run automated recon, exploit vulnerabilities in real-time and adapt to your defenses faster than
Keith Pachulski
Oct 14, 2025 · 11 min read


Cybersecurity Threat Intelligence Requirements Framework: IRs, PIRs, and SIRs
The threat intelligence lifecycle begins with defining what information you actually need to collect. Intelligence Requirements form a...
Keith Pachulski
Sep 17, 2025 · 19 min read


Most Small Business Owners Are Flying Blind (And It's Killing Them)
I'm stepping away from my usual security-focused content today to address something dire that affects every small business owner -...
Keith Pachulski
Sep 9, 2025 · 10 min read


The AI Arms Race: Why Attackers Are Already Winning (And How to Catch Up)
Last week, I was sitting across from a CISO at a Fortune 500 company when he said something that made me pause: "We're just starting to...
Keith Pachulski
Sep 8, 2025 · 10 min read


The Small Business Cybersecurity Survival Guide
A practical guide for protecting your business without breaking the bank or hiring an IT team Your Business Is More Vulnerable Than You...
Keith Pachulski
Aug 29, 2025 · 11 min read


Small Business Cybersecurity Implementation Checklist
90-Day Roadmap with NIST Cybersecurity Framework Maturity Assessment Company Name: _____________________ Assessment Date:...
Keith Pachulski
Aug 29, 2025 · 8 min read


Highlands Oncology Group - When Security Fixes Fail
When you look at what happened to Highlands Oncology Group, you're seeing a textbook example of how security failures compound over time....
Keith Pachulski
Aug 18, 2025 · 8 min read


Defending Against RF Reconnaissance - Why Detection is Critical for Modern COMSEC Programs
Radio frequency scanning has long been a cornerstone of signals intelligence operations, from World War II codebreaking efforts to modern...
Keith Pachulski
Aug 3, 2025 · 10 min read


When Energy Meets Instability: The Total Security Challenge in Mozambique's $20 Billion LNG Restart
I've been watching the energy security space for years, but this week's news from Mozambique caught my attention in a way that should...
Keith Pachulski
Jul 26, 2025 · 6 min read


The Theater of Physical Security: What Indonesia Teaches Us About Real vs. Perceived Protection
We're in Indonesia again for a few weeks doing some work as well as getting some much-needed R&R. While the archipelago nation offers...
Keith Pachulski
Jul 13, 2025 · 9 min read


Lessons in Sunburn, Surveillance, and Security Gaps
Over the last few weeks, we’ve been off the radar—but for good reason. Our team was deep in Latin America conducting forced entry...
Keith Pachulski
Jun 19, 2025 · 20 min read


Why IT Shouldn't Own Physical Security: A Risk-Based Perspective
Recently, Verkada—a major player in cloud-based surveillance and access control—asserted that IT departments should own physical...
Keith Pachulski
May 30, 2025 · 11 min read


Weimar+ - Europe's Strategic Pivot and What It Means for U.S. Companies
European powers are making their intentions clear. Over the past few days, something significant has taken shape across the Atlantic: the...
Keith Pachulski
May 27, 2025 · 4 min read


Strengthening Physical Security Standards in Data Centers
We didn’t have a plan—but honestly, it's hard to plan for these things when you get the target location address only 24 hours before...
Keith Pachulski
May 21, 2025 · 5 min read


EU Doubles Down on Cyber Sanctions - What It Means for Global Cybersecurity Operations
On May 12, 2025, the European Council formally extended its cyber sanctions regime through May 18, 2028. This move reinforces the EU’s...
Keith Pachulski
May 12, 2025 · 8 min read


Introducing Sidikjari: Metadata Extraction for Cybersecurity Professionals
Introducing Sidikjari: Advanced Metadata Extraction for Cybersecurity Professionals Metadata analysis is a crucial part of security...
Keith Pachulski
May 9, 2025 · 3 min read


macchanger
🧙‍♂️ Introducing macchanger: Finally, a MAC Spoofing Tool That Works on Windows 11 Spoiler: Yes, we know the name’s been used before....
Keith Pachulski
May 5, 2025 · 3 min read



