Analysis and articles
Field notes
Thoughts on offensive security, real defence and what we see during audits.
-
Published on 21 June 2026
What changes when the attacker uses artificial intelligence
Spain's National Cryptologic Centre has published a guide on offensive AI. Its underlying message reaches any company, not just the public sector, because artificial intelligence does not invent new attacks, it speeds up the old ones and sharply cuts the time you have to react.
Read article
-
Published on 18 June 2026
What your company is worth on the black market
The question is not whether you are a target, it is how much what you have sells for. An email with a password, access to your network, your customer database. It all has a price on the black market, a price that explains why small companies get attacked too.
Read article
-
Published on 15 June 2026
The supplier that sinks you without anyone touching you
Many attacks do not come through your front door, they come through a supplier's. The access you gave your accountant, an update from trusted software or the data you keep in someone else's house can turn a third party's security into your problem.
Read article
-
Published on 12 June 2026
Why auditing your security costs less than ignoring it
Not auditing is betting that no one finds your holes before you do. A data breach costs far more than an audit, between the data protection fine, the business downtime and the trust you lose along the way.
Read article
-
Published on 05 June 2026
Why phishing emails have spelling mistakes on purpose
The spelling mistakes in mass phishing are not carelessness, they are a deliberate filter to find the easiest victims. The targeted phishing aimed at your company, by contrast, has not a single one.
Read article
-
Published on 01 June 2026
What an attacker learns about your company before launching a single attack
Reconnaissance is the first phase of any attack. Emails in breaches, forgotten subdomains, metadata in your documents, exposed technology and your own people. Everything an attacker gathers about your company from public, legal and free information.
Read article
-
Published on 31 May 2026
Pentest, red team or vulnerability scan, which one do you actually need?
Three terms used as synonyms that are not the same. What a vulnerability scan, a pentest and a red team are, how they really differ and which one your company needs depending on its maturity.
Read article
-
Published on 30 May 2026
The 5 Active Directory misconfigurations we find in almost every internal audit
Kerberoasting, AS-REP, passwords in SYSVOL, excessive permissions and unconstrained delegation. The five Active Directory misconfigurations that show up in almost every internal audit, with how to fix them.
Read article
-
Published on 29 May 2026
What to do (and not do) in the first hour of an incident
The first sixty minutes of a security incident shape much of what follows. Which steps to take, which mistakes to avoid and why shutting the machine down usually makes everything worse.
Read article
-
Published on 28 May 2026
How to prepare for an offensive audit and get real value from it
A practical guide to arriving ready for a pentest. What to define, which access to set up, whom to tell and what not to touch the week before.
Read article
-
Published on 27 May 2026
Why passing a compliance audit doesn't mean you are secure
The difference between a compliance audit and an offensive audit. Why holding an ISO 27001 or ENS certificate is no guarantee that your company is protected against a real attacker.
Read article