All posts
Writing about offensive security, tooling, automation, career, and whatever else is on my mind.
Weekly Vulnerability Roundup β February 27, 2026
Three major vulnerability stories this week, each targeting a different part of the stack. A CVSS 10.0 Cisco SD-WAN zero-day that's been exploited since 2023, aβ¦
There Are Many More Pentesters Than Jobs
The number was always big enough to be its own argument. Three and a half million. That was the figure β three and a half million unfilled cybersecurity jobsβ¦
Offensive Security Weekly: February 20, 2026
Three stories, examined with appropriate skepticism. 1. PromptSpy: First AI-Powered Android Malware β Or Just a Lab Curiosity? ESET published research onβ¦
Abusing MSBuild for Defense Evasion: A Detection Engineering Playbook
MSBuild is a trusted Microsoft binary that ships with every Windows installation β and it's a favorite tool for adversaries looking to execute arbitrary codeβ¦
Building a Custom C2 Channel Over DNS: Lessons from the Lab
Off-the-shelf C2 frameworks are powerful, but they come with known signatures. When you need to blend into normal network traffic, building your own channel isβ¦
Using LLMs to Accelerate Recon: What Works, What Doesn't
I integrated GPT-4 into our red team reconnaissance and vulnerability triage workflow and cut manual effort by roughly 30%. Here's exactly how I did it, whatβ¦
Running 15 Purple Team Tests a Month: My Framework
Purple teaming at scale requires structure. When you're running roughly 15 tests per month across a large enterprise, you can't afford to wing it β but you alsoβ¦
From PwC Auditor to Red Team Operator: A Non-Linear Career Path
People ask me all the time how I went from auditing pension funds at PwC to breaking into enterprise networks for a living. The honest answer is: slowly, andβ¦
Smart Contract Auditing for Red Teamers: Where to Start
The overlap between offensive security and smart contract auditing is bigger than you think. If you can find vulnerabilities in web applications and APIs, youβ¦
The OSCP Course Won't Fully Prepare You β Here's What Will
By Derek Martin | March 2025 I recently passed the OSCP exam β root and Administrator on every target. But it took me five attempts to get there. I want to leadβ¦