penetration-testing

active-directory Kerberoasting: How Attackers Crack AD Service Accounts

active-directory active-directory identity-security penetration-testing

Kerberoasting: How Attackers Crack AD Service Accounts

Background Kerberoasting is an attack technique that leverages the Kerberos authentication protocol used by Microsoft Active Directory to extract password hashes from service accounts and crack them offline. The method relies on the presence of Service Principal Names (SPNs) associated with user or computer accounts in AD. When a client

Edgerunner 20 May 2026 8 min read

opinion opinion penetration-testing

The Dirty Secret of Bug Bounty Programs

The Real Problem The real problem isn’t just that organizations neglect critical flaws—it’s how they structure their responses to them, often prioritizing speed‑to‑market over thoroughness in validation or remediation. A concrete illustration comes from OpenAI’s newly launched Safety Bug Bounty (announced 26 March 2026)

Edgerunner 19 May 2026 2 min read

cve CVE-2026-34208 Explained: Why Your Sandbox Isn't Safe

cve cve vulnerability sandbox

CVE-2026-34208 Explained: Why Your Sandbox Isn't Safe

Background The security ecosystem has reached a fascinating paradox. We've built layers of protection so sophisticated they've become invisible—until they fail spectacularly. CVE-2026-34208 exemplifies this tension, exposing a fundamental truth about modern security: the more invisible our defenses, the harder they are to trust when

Edgerunner 12 Apr 2026 2 min read

vulnerability wpForo's Critical Flaw: How Easy Is Forum Destruction?

vulnerability vulnerability cve mitre-attack

wpForo's Critical Flaw: How Easy Is Forum Destruction?

CVE-2026-3666 demonstrates how wpForo's permission model allows attackers to delete files effortlessly. This analysis breaks down the technical pathways and highlights systemic security challenges in forum software design.

Edgerunner 11 Apr 2026 3 min read

mitre-attack EDR Bypasses: The Art of Invisible Attacks

mitre-attack mitre-attack nist penetration-testing

EDR Bypasses: The Art of Invisible Attacks

Background The arms race between endpoint security and attack techniques has always been asymmetric. We've seen this pattern repeat: defenders raise the bar, attackers find the cracks, and everyone pretends the game has changed. EDR bypass isn't a new phenomenon—it's the inevitable outcome

Edgerunner 10 Apr 2026 4 min read

phishing phishing zero-trust opinion

The Security Training Mirage

The Real Problem Security awareness training is an elaborate distraction from the fact that the systems we're asking people to protect are fundamentally designed to fail. We spend hours teaching employees to spot phishing emails, rotate passwords, and report suspicious activity—while the actual attack surfaces have shifted

Edgerunner 06 Apr 2026 2 min read

security-posture security-posture threat-intelligence penetration-testing

Passing Audits ≠ Actual Security

The Real Problem Compliance is a language of checkboxes. Security is a language of uncertainty. You can't translate one to the other without losing something vital. The illusion breaks down in three specific ways. First, compliance frameworks are built from retrospective knowledge—past breaches, known attack patterns, established

Edgerunner 31 Mar 2026 2 min read