The detections worked. The enforcement didn’t. A look at how mobile runtime protections were bypassed on Android and iOS, and why defenders should assume client-side controls can eventually be modified.
Most of what happened at Vercel this month worked because Google Workspace defaults aren't built for sensitive environments and Vercel hadn't tightened them up. A walkthrough of the three points in the attack chain, with admin console links for Google Workspace and Entra ID at each step.
Why Python's legitimacy and SSH's ubiquity remain the red teamer's best friends — and what defenders should watch for. A walkthrough of two techniques tested against a domain-joined Windows host running CrowdStrike, with notes on why both of them slip past modern telemetry.
What started as shopping for an ice maker turned into a reverse-engineering session. A walkthrough of using Frida and Objection to peek behind the curtain of an Android app's encrypted API traffic, and what gets revealed when you hook the right methods.