CYPFER Offensive Practice

All published posts

You can find all of our published articles and search them.


Adapting penetration testing methodology for AI driven solutions

How much of the traditional pentesting playbook still applies when the target is a language model?

AI Pentesting Red Teaming Methodology

Assumed Breach Engagements: When the Threat Is Custom, the Tools Should Be Too

How we engineered our own deployment infrastructure so our team spends every hour of an engagement doing what matters: testing your security, not fighting setup logistics.

Red Team Assumed Breach VM

Hunting Honey Pots as Red Teamers

Subtle inconsistencies in identity data routinely expose defensive controls such as honeypots and honeytoken accounts.

Red Team Exercise HoneyPot Windows APIs Active Directory

AzureRedOps a tool to audit your Azure tenant

AzureRedOps is an offensive security toolkit for assessing the security posture of Microsoft Entra ID and Azure tenants. It wraps the most common red-team workflows.

Red Team Exercise GitHub Azure AzureRedOps

From GitHub Keys to Azure Secrets

A quiet shift in how access is leaked and what attackers might use to access your Azure tenant.

Red Team Exercise GitHub Azure Secrets leak

When AI Reconnaissance Loses Context during real attacks

Analyzing nonsensical AI-driven reconnaissance patterns and why context-less automation fails in real-world attacks.

Red Team Exercise AI Web attack

Before Mythos Ships, Walk Your Own Attack Paths.

Mythos will make 0days cheaper and faster. But the real risk isn't the front door; it is the misconfigured domain sitting wide open behind it and the poor detection.

Red Team Mythos Active Directory

Old red team tradecraft, modern attackers.

How legacy red team tradecraft is being reused by modern attackers and what it means for detection and defensive readiness.

Red Team Exercise SmokedHam ThunderShell Parcel RAT WorkersDevBackdoor Malware

Free Cloud Security Assessment

CYPFER is offering a complimentary cloud assessment focused on identifying a selection of attack paths within your cloud environment.

Cypfer Cloud Azure

Strengthen Your Security Posture with a Detection Capability Assessment

Empower Your Blue Team with Real-Time Training and Comprehensive Threat Detection

Cypfer Red Team Detection Capability Assessment

Cobalt Strike redirectors using AWS and Azure

One of the challenges for red team operators is maintaining their command and control (C2) infrastructure. One time-consuming aspect is obtaining reputable domain names for the C2 server.

Red Team Exercise Cobalt Strike AWS Azure

Why Red Teams Keep Winning

Discover the latest red team tactics and real-world techniques threat actors are using, and how CYPFER is staying ahead of them.

Red Team Exercise vulnerabilities exploits