Analysis and articles
Field notes
Thoughts on offensive security, real defence and what we see during audits.
-
Published on 01 June 2026
What an attacker learns about your company before launching a single attack
Reconnaissance is the first phase of any attack. Emails in breaches, forgotten subdomains, metadata in your documents, exposed technology and your own people. Everything an attacker gathers about your company from public, legal and free information.
Read article
-
Published on 31 May 2026
Pentest, red team or vulnerability scan, which one do you actually need?
Three terms used as synonyms that are not the same. What a vulnerability scan, a pentest and a red team are, how they really differ and which one your company needs depending on its maturity.
Read article
-
Published on 30 May 2026
The 5 Active Directory misconfigurations we find in almost every internal audit
Kerberoasting, AS-REP, passwords in SYSVOL, excessive permissions and unconstrained delegation. The five Active Directory misconfigurations that show up in almost every internal audit, with how to fix them.
Read article
-
Published on 29 May 2026
What to do (and not do) in the first hour of an incident
The first sixty minutes of a security incident shape much of what follows. Which steps to take, which mistakes to avoid and why shutting the machine down usually makes everything worse.
Read article
-
Published on 28 May 2026
How to prepare for an offensive audit and get real value from it
A practical guide to arriving ready for a pentest. What to define, which access to set up, whom to tell and what not to touch the week before.
Read article
-
Published on 27 May 2026
Why passing a compliance audit doesn't mean you are secure
The difference between a compliance audit and an offensive audit. Why holding an ISO 27001 or ENS certificate is no guarantee that your company is protected against a real attacker.
Read article