Mar 03, 2026
Vulnerability Hunting a Retired App Part 1 - Auth Bypass
Decompiling a retired .NET application reveals how a single middleware misconfiguration leads to full authentication bypass.
Feb 26, 2026
Putting the Token Before the Cart? A Guide on E-Commerce API Pentesting
Nate Fair
Senior Penetration Tester
Why traditional API pentests miss real commerce risk and how cart tokens, checkout flows, and cross-layer auth gaps expose customer data.
Feb 24, 2026
LLMs Don't Follow Rules – They Follow Context
Jack Willis
Software Developer
LLM behavior isn't governed by a rulebook — it emerges from context, shaped by a stack of training, fine-tuning, and runtime instructions. Understanding this explains why the same model gives radically different responses to functionally identical requests.
Feb 16, 2026
Hunting Secrets in JavaScript at Scale: How a Vite Misconfiguration Led to Full CI/CD Compromise
Nick Berrie
Senior Penetration Tester
Sometimes when conducting a penetration test or red team engagement, you may want to extract the password hashes or credentials of a target Windows user without using Mimikatz, in order to avoid detection. This is where an NTLM downgrade attack comes in. In this article we discuss how to perform this...
Feb 11, 2026
Ahead of the Breach – Matthew Winters on Threat Hunting, Graph Thinking, and Making Adversaries Cry
Matthew Winters of T. Rowe Price joins the pod to discuss how graph thinking changes the way you can investigate threats, mixed in with a nice dose of making life harder for attackers.
Feb 06, 2026
The Dangers of Public Registration in Web Apps: How a JWT + OData Leaked Millions of Records
Nick Aures
Senior Penetration Tester
Nick Aures guides us through a real-life pentesting moment with important lessons for authentication using industry-standard technology, in this case JWTs.