Insights

Field notes from offensive security engineers

Original research, threat intelligence, and lessons from the audit room. No marketing fluff.

Threat Intel

The 2025 cloud breach playbook attackers are using right now

Misconfigured OIDC trust policies have become the #1 initial access vector across our incident response engagements this quarter.

Apr 18, 2026 · 8 min

Web3

Why your Solidity audit missed the price oracle bug

A walkthrough of three real-world DeFi exploits that all stem from the same flawed oracle assumption.

Apr 12, 2026 · 12 min

Compliance

DPDP Act compliance for SaaS: a practical 90-day plan

India's Digital Personal Data Protection Act is now in force. Here's the engineering checklist we give every client.

Apr 04, 2026 · 10 min

Pentesting

Bypassing modern WAFs with HTTP request smuggling, again

CL.0 and 0.CL variants are still finding their way past Cloudflare and AWS WAF in 2026. Here's how to test for them.

Mar 28, 2026 · 15 min

DevSecOps

SBOM is not a security control. Stop pretending.

An SBOM is a starting point. Without continuous CVE triage and policy enforcement, it's a PDF gathering dust.

Mar 19, 2026 · 6 min

Cloud

AWS IAM blast-radius: a measurable approach

We share the methodology we use to quantify and reduce IAM blast-radius across enterprise AWS estates.

Mar 11, 2026 · 9 min