Blog posts
Deep dives into vulnerabilities we discover, offensive security techniques we develop, and insights from the front lines of enterprise security research.

Java RMI for pentesters part two - reconnaissance & attack against non-JMX registries
In the second part of this series, we delve into automated reconnaissance and attacks within the Java RMI framework. Leveraging the RMI interface/server introduced in Part One, we explore practical techniques for penetration testing. This installment aims to equip pentesters with essential skills for efficient RMI exploitation.
Infrastructure
Web
AFINE
February 27, 2026
14
min read
•
Oct 8, 2020

Testing and exploiting Java Deserialization
This article is a comprehensive guide to testing and exploiting Java deserialization in 2021. It provides valuable insights and practical tips based on the author’s experience in Java application penetration testing. As Java environments evolve, the article addresses the question of whether Java deserialization remains a threat or if patches have mitigated its risks.
Infrastructure
Web
AFINE
February 12, 2026
19
min read
•
Feb 8, 2021

Practical strategies for exploiting FILE READ vulnerabilities
This guide explores practical strategies for exploiting FILE READ vulnerabilities. It delves into what File Read vulnerabilities entail, their potential risks, and the underlying vulnerabilities that can lead to them. The content also offers insights into confirming the presence of these vulnerabilities and provides useful tips for addressing them. Additionally, it examines the possible advantages and drawbacks of exploiting these vulnerabilities, along with offering general prevention and detection strategies for web applications.
Web
AFINE
February 12, 2026
12
min read
•
Oct 5, 2021

Red Team Trickery
This article will guide you in gaining initial access to a target during a Red Team assessment. It is divided into two parts for easy comprehension. The first part details the use of OSINT for Malware delivery, primarily for spear phishing. The second part covers creating malware and making use of evasion techniques. We hope you find this article both informative and enjoyable!
OSINT
Red teaming
Social engineering
Karol Mazurek
February 12, 2026
41
min read
•
Jul 18, 2023

OWASP Top 10 for LLM Applications
Understand the risks associated with the use of large language models based on the OWASP Top 10 for LLMs list. The article aims to illustrate and explain through examples the vulnerabilities in applications that use LLMs.
AI
LLM
Mateusz Wojciechowski
February 12, 2026
15
min read
•
Nov 22, 2023

IBM i Access Client Solutions vulnerabilities
Read about multiple vulnerabilities in IBM i Access Client Solutions software related to connecting AS400 servers. Chaining those vulnerabilities could allow remote attackers to access client and server machines.
Infrastructure
Vulnerability research
Zbigniew Piotrak
February 12, 2026
4
min read
•
Feb 12, 2024

Enhancing User Privacy and Security with Android 15: A quick jump into New Features
Take a look at the security & privacy improvements brought to its users in Android 15. The article explores what was changed, how it affects daily users and application developers.
Mobile
Android
Marcin Węgłowski
February 12, 2026
3
min read
•
Mar 27, 2024

Red Team Tactics for Code Execution
This article delves into advanced methods for running code on systems safeguarded by hardened policies. Expanding on prior discussions about initial access approaches, it uncovers weaknesses in seemingly strong security measures. It offers insights into how Red Team Operators can navigate these obstacles in corporate settings.
Active Directory
Red teaming
Karol Mazurek
February 12, 2026
17
min read
•
Aug 5, 2024

Microsoft Defender SmartScreen bypass with copy-paste from ISO
The article presents a detailed breakdown of how ISO files can be used to bypass Microsoft Defender SmartScreen protections.
Red teaming
Vulnerability research
Windows
Karol Mazurek
February 12, 2026
5
min read
•
Sep 20, 2024

Task Injection on macOS
The article explores Task Injection on macOS, detailing how attackers can acquire task ports, allocate memory, and execute arbitrary code within target processes. It demonstrates shellcode creation, memory management, and execution techniques, while examining macOS security mechanisms like taskgated, Hardened Runtime, and platform binary protections. Debugging and injection scenarios are tested, highlighting potential vulnerabilities and secure practices.
Apple
MacOS
Reverse engineering
Vulnerability research
Karol Mazurek
February 12, 2026
12
min read
•
Jan 22, 2025
Sort by Categories
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Enterprise Security Newsletter for Banking
Practical offensive security insights from banking operations, from the team making banks more secure for over 10 years. Be the first to know when we find something worth your attention.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Cookie Settings
We use cookies to provide you with the best possible experience. They also allow us to analyze user behavior in order to constantly improve the website for you.
See our Privacy PolicyThank you! Your submission has been received!
Oops! Something went wrong while submitting the form.