Broken Access Control Testing for Defenders
Topic hub
Adversary techniques broken down for the defender: how an attack actually works, what it leaves behind, and the detections and hardening that neutralize it. Lab-only, authorization-only, mapped to MITRE ATT&CK.
2 articles
Broken access control testing for defenders — detect IDOR and BOLA from authorization-failure telemetry with Sigma and SPL rules, plus deny-by-default hardening.
How Kerberoasting abuses service tickets to crack service-account passwords offline — and the Sigma detection and hardening that shut it down. Lab-only.