Advisory
DATAIM-2026-014: Authentication Bypass in an Enterprise VPN Gateway
A pre-auth request-smuggling flaw allowed full session takeover. Coordinated disclosure and vendor patch timeline.
Home / Research
We are researchers first. Vulnerability research, advisories, open-source tooling, and threat intelligence — published so the whole community can defend smarter, and fed straight back into every client engagement.
Featured Research
An analysis of 50+ enterprise environments reveals how a single over-privileged identity repeatedly becomes the bridge between a low-value foothold and full domain compromise — and what actually closes the gap.
Advisory
A pre-auth request-smuggling flaw allowed full session takeover. Coordinated disclosure and vendor patch timeline.
Threat Intel
How we rebuild current affiliate playbooks in the lab so blue teams train against this quarter's tradecraft, not last year's.
Tooling
Visualize the shortest path an attacker takes from any foothold to your most sensitive assets. Free and open source.
Research
Common identity-provider misconfigurations that turn convenient single sign-on into single point of compromise.
Guidance
Practical, environment-tested controls that contain a compromised pod before it becomes a compromised cluster.
Research
Turning public vulnerabilities into reliable, safe proofs-of-concept for assessment — and why that matters for defenders.
Advisory
A misused token scope let any pipeline job escalate to host. Disclosure, fix, and detection guidance.
Threat Intel
Token-theft phishing kits defeat traditional MFA. Here is what the telemetry actually looks like.
Demo listing — articles are illustrative placeholders. Wire this page to your CMS or a static content folder before launch.
Retained research and advisory engagements bring the same depth you see here — focused entirely on the technologies your business runs.