Companies invest heavily in tools like SIEM, EDR, NDR, implement MFA, and conduct training. And rightly so. But there’s one problem... Most still don’t know how strong (or rather weak) their passwords are. The reason is simple. Nobody checks them, and security remains in a state of superposition, so…

Every day, an absurd amount of new data breaches appear online. On top of that, old breaches still circulate, often easily accessible – both for free and for a fee – and they can pose a real threat to your company. Attacks using what are known as “creds” (from credentials), i.e., login:password pair…

No big budget needed to significantly improve security. All it takes is two hours. Two hours that won’t change the world, but could protect your company from severe consequences. And this is not theory. This is practice, evident in every incident that could have been avoided. And there are plenty of…

Whether it's on HackTheBox, at work, or just for fun, sometimes you need to infect a Windows system with some C2 software or malware. In my case, I most often use CobaltStrike (link) or the equally effective Sliver (link). Since I've done this many times, I immediately thought, "I'll disable AMSI, u…