Field notes from the practice

Insights — sanitised dispatches from live work.

Advisories, practice notes, coordinated disclosures and the occasional opinion held loosely. Written by the practitioners doing the work. Never ghost-written, never repurposed.

Categories: Red Team · Compliance · DFIR · Advisory
Cadence: Weekly
Subscribers: 14,200+
02 Latest writing
  • 2026.04.21 Why most SOC 2 Type II audits fail on their first attempt — and the eight control families to fix first. Compliance 6 min
  • 2026.04.03 CVE-2026-21118 · Privilege escalation in a popular Node.js middleware framework. Disclosure 5 min
  • 2026.03.28 Passkeys at enterprise scale — what works, what does not, and what to deploy now. Identity 9 min
  • 2026.03.12 NIS2 in practice: a one-page mapping from the directive to the controls your engineers will actually ship. Compliance 7 min
  • 2026.02.26 A field guide to detecting OAuth refresh-token abuse — three queries every SOC should run today. Detection 11 min
  • 2026.02.11 Lessons from a quiet ransomware engagement: how a 36-hour response saved €4.1M in business interruption. DFIR 12 min
  • 2026.01.30 Threat modeling as a habit — the four questions we ask before any new service ships. Practice 6 min
  • 2026.01.15 The 2026 outlook: what we will be paid to fix, and what nobody will fund until it breaks. Opinion 8 min
  • 2025.12.18 Cloud privilege escalation in the wild — three patterns we keep seeing across AWS, GCP and Azure. Red Team 10 min
  • 2025.12.02 Onidef advisory ONI-2025-09 · Authentication bypass in an enterprise observability platform. Advisory 4 min
  • 2025.11.20 Building an evidence pipeline that survives SOC 2, ISO 27001 and an angry auditor at 18:00 on a Friday. Compliance 9 min
  • 2025.11.05 Tabletop exercises that engineers do not hate — a facilitation kit we have refined over forty sessions. DFIR 5 min