What are LLM API Misconfigurations and why do they happen? Large Language Model (LLM) APIs like Responses, Completions, Messages provide flexible interfaces for building multi-turn conversations, tool integrations, and agent pipelines. These APIs accept structured input such as messages[], roles, function calls, and other model-relevant parameters, and return structured outputs
AI Red Team
Large Language Models introduce security issues reminiscent of early-2000s software bugs. Special Token Injection (STI) exploits how LLMs parse structured prompts. This post breaks down what STI is, how it works, where it appears, and why it matters—through a pentester’s lens.
OAuth 2.0 has become the cornerstone of modern authorization, powering secure API access for countless applications. Yet not every OAuth flow fits every scenario. While some flows are designed for backend, server-to-server communications, others are intended for public clients. In this piece, we explore why using the OAuth client
This blog details how attackers exploit Unconstrained Delegation in Active Directory to achieve domain takeover. You'll see a step-by-step breakdown of capturing a Domain Controller's TGT, why it's critical, and, of course, learn actionable steps to prevent this threat. Unconstrained delegation is a legacy
When reset tokens rely on predictable data, such as hashing a simple timestamp with MD5, they can lead to account takeovers. Read on if you want to protect your application’s password recovery functionality without compromising user convenience. Modern web applications almost always feature some form of password recovery or
Penetration Testing
Information stored in sourcemap files can lead to major security breaches. If you’re looking to keep your production environment safe without sacrificing the benefits of modern build pipelines, read on.
Penetration Testing
This guide covers the ESC8 Attack, a high-severity attack vector in Active Directory Certificate Services (AD CS) that exploits the Web Enrollment feature alongside NTLM relay attacks.
Offensive Security
While Red Team exercises are invaluable for mirroring adversary behavior, they can be time-consuming and expensive. This panel will fix it.
AI Red Team
AI Red Teaming should differentiate between security and safety to effectively address the unique challenges posed by AI systems, ultimately ensuring that they are secure by design and safe to use.