Disclaimer: This article describes a security research activity carried out in a controlled context, with educational goals and the aim of improving security. All references to IPs, domains, paths, file names, and configurations have been anonymized or modified to prevent any form of harm or unauthorized enablement. Nothing below is an invitation to test systems without a written mandate from the
Cyber attacks are becoming more frequent and more expensive because criminals are still getting paid. Despite growing awareness, the economics of ransomware still favour attackers. Only 17% of UK organisations hit by ransomware chose to pay, but even among those who do pay, outcomes remain unreliable. According to UK‑wide data, oranisations are now three times more likely to recover from backups
A real-world case study in passive threat intelligence and open-source investigation. Disclaimer: This research was conducted exclusively for educational purposes and passive threat intelligence. No systems were breached, no credentials were used without authorization, and no sensitive identifying data is reported in this article. All information collected comes from publicly accessible sources: S
Modern yazılım geliştirme ekosisteminde altyapının kod olarak yönetilmesi hız ve ölçeklenebilirlik açısından devrim yaratırken GitOps yaklaşımı bu süreci merkezi bir doğruluk kaynağına bağlamaktadır. Ancak tüm yapılandırma detaylarının tek bir platformda toplanması kritik siber güvenlik risklerini de beraberinde getirmektedir. Nesil Teknoloji olarak TSE A Sınıfı sızma testi yetkimizle endüstriyel
Harbor cities understand accumulated risk. Cargo moves in quietly. Weather shifts by degrees. One bad assumption can sit unnoticed until it reaches critical mass. Halifax has lived with that kind of memory for more than a century. On December 6, 1917, a collision in Halifax Harbor triggered the largest man-made explosion prior to the atomic bomb, a disaster that directly changed the lives of over
Manual content discovery is a core skill in application security testing. Instead of relying only on automated scanners, you can use simple HTTP requests and browser tools to find exposed files, hidden paths, and technology fingerprints. This covers techniques like checking robots.txt, fingerprinting favicons, reading sitemap.xml, inspecting HTTP headers, and spotting framework markers in HTML sou
TL;DR. golang.org/x/net/idna.Lookup.ToASCII runs UTS-46 NFKC mapping 0-9. A pre-IDNA net.ParseIP check rejects the NO_PROXY lists, TLS-SNI routers, and cookie-domain validators that TrimRight + ParseAddr golang.org/x/net/http/httpproxy, the canonical safe pattern, and two I ran into this one while writing a Go HTTP client for a private project. I idna.Lookup.ToASCII canonicalising the host The sha
The technical analysis of EtherRAT by Atos TRC is detailed and useful. SEO poisoning, fake GitHub repositories, Node.js payloads, blockchain-based C2 — all of this is correctly identified. Source LinkedIn Source CyberPress But there is a pattern beneath these techniques that the report does not name. The attackers did not exploit a cryptographic flaw. They did not break a protocol. They exploited