When AI Reconnaissance Loses Context during real attacks
Analyzing nonsensical AI-driven reconnaissance patterns and why context-less automation fails in real-world attacks.
CYPFER Offensive Practice
All published posts
You can find all of our published articles and search them.
Showing all posts
Assumed Breach Engagements: When the Threat Is Custom, the Tools Should Be Too
How we engineered our own deployment infrastructure, so our team spend every hour of an engagement doing what matters: testing your security, not fighting setup logistics.
Before Mythos Ships, Walk Your Own Attack Paths.
Mythos will make 0days cheaper and faster. But the real risk isn't the front door; it is the misconfigured domain sitting wide open behind it and the poor detection.
Old red team tradecraft, modern attackers.
How legacy red team tradecraft is being reused by modern attackers and what it means for detection and defensive readiness.
Free Cloud Security Assessment
CYPFER is offering a complimentary cloud assessment focused on identifying a selection of attack paths within your cloud environment.
Strengthen Your Security Posture with a Detection Capability Assessment
Empower Your Blue Team with Real-Time Training and Comprehensive Threat Detection
Cobalt Strike redirectors using AWS and Azure
One of the challenges for red team operators is to maintain their command & control (c2) infrastructure. An aspect that can be time consuming is obtaining reputable domain names to be used by c2 server.
Why Red Teams Keep Winning
Discover the latest red team tactics and real-world techniques threat actors are using and how CYPFER is staying ahead of them