Can We Beat the Adversary, or Am I Willing to Accept the Risk?
Most security programs detect breaches. Fewer can prove they won't happen. Learn the offensive security framework that turns "are we secure?" into an answerable question.
Topher Lyons
Solutions Engineer
Budget cuts don't reduce security risk. They relocate it. Here's the breach math CFOs need to see before the spreadsheet wins the argument.
Juan Pablo Gomez Postigo
Senior Penetration Tester
Microsoft has fully patched the ACS metadata endpoint that powered tenant domain enumeration. Learn what the original technique was, why it's gone, and how azmap.dev now combines DKIM lookups, MX brute-force, and Graph API to still surface tenant names and related domains.
AI for Defenders: What's Actually Working in the Environments We Test
Topher Lyons
Solutions Engineer
From alert triage to attack path prioritization, AI has moved past the marketing slides. A Sprocket SE breaks down what's working in real SOC workflows, where it falls short, and how to think about automation before it thinks for you.
Auditing AI Chat APIs: Beyond Prompt Injection
Nate Fair
Principal Penetration Tester
Prompt injection isn't the only risk in AI chat APIs. See how we found a GraphQL BOLA in a healthcare SaaS AI assistant and why the transport layer matters.
Top 10 CPTaaS Companies in 2026: The Definitive Guide
Lucjan Zaborowski
Head of Marketing
Explore the top 10 CPTaaS companies in 2026. Compare continuous penetration testing platforms, PTaaS providers, ASM capabilities, compliance support, and human-led testing models.