red-team
14 posts
Your AI security tool blocks nothing
A red team operator's breakdown of why AI cybersecurity tools are sold as controls but function as telemetry with a verdict attached.
AI is making attackers worse, not better.
Defender telemetry through 2026 shows model-mediated attackers produce more volume, less variance, weaker adaptation. Substitution is not uplift.
Workflows are code, not config
CI workflow modification executes under repository trust. The control surface is the file. The boundary is the weakest identity allowed to merge.
Fragnesia is already loose
Fragnesia Linux privilege escalation has a public PoC. The kernel trust boundary is conditional on patch state. What must now be true.
Stealth Playwright breaks your bot detection
A circulating stealth Playwright Firefox build is reported to pass antibot and captcha, exposing the limits of any control that delegates verification to the client.
A postcard breached a warship
A 5 dollar Bluetooth tracker hidden in a postcard broadcast a 585 million dollar warship's position for 24 hours. The control that failed was classification.
Binding 65535 ports is the easy part
Architecture and evasion realities of an LLM honeypot binding all 65535 ports - TPROXY, latency tiers, fingerprint defence, and detection traps.
Pick offense or defense
Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.
The power adapter was the attack
A WiFi camera concealed in a hotel power adapter transmitted to a foreign server. The boundary failed at the physical layer.
1,300 SharePoint servers speaking for someone else
Over 1,300 SharePoint servers expose a spoofing primitive where authentication and identity validation collapse into a single unenforced control.
Forage simulation maps your broken controls
The Mastercard Forage cybersecurity simulation surfaces the same enforcement drift red teamers exploit in mature security programs. Operator breakdown.
Recruiters filtered out the operators who can actually breach
Why most pentesters fail within ninety days: identity reasoning, EDR evasion, and control bypass sit outside the certifications they trained on.