The Research Blog

Evaluating LLM Input Comprehension and Guardrail Robustness through Noise-Based Attacks

We evaluate the ability of LLMs to understand text with random noise, and examine how prompts with varying levels of noise could bypass LLM guardrails.

Entra Connect Exploitation in 2025: An Overview

Entra Connect is the bridge between Microsoft's on-prem and cloud worlds, synchronising Active Directory and Entra ID identities. As such, it has traditionally served as a high-value target for threat actors. At the same time, continuous improvements by Microsoft have drastically changed the attack surface, leading to confusion about which exploitation techniques are still relevant and which aren't. This post aims to clarify and document the Entra Connect exploitation landscape in 2025, and what defenders need to know to stay ahead.

Staying Sneaky in the Office (365)

SharePoint APIs provide default functionality that can be used to download files from outside of trusted devices and IP addresses, bypassing assumptions about where sensitive documents can be accessed from and providing an avenue for an attacker to exfiltrate information.

Another ECS Privilege Escalation Path

ECS has a range of known privilege escalation vectors. We discovered another which relies on using functionality designed for the ECS agent to self-register a compromised EC2 and override a task definition. A variant of this for ECS on Fargate is also discussed.

Design Patterns to Secure LLM Agents In Action

A practical walkthrough of six security design patterns for building resilient LLM agents. We explore how structural controls, not just model-level defenses, can mitigate prompt injection, and introduce a hands-on code repository to see these patterns in action.

Breaking Down Azure DevOps: Techniques for Extracting Pipeline Credentials

Workload Identity Federation - is it all it's made out to be? Does it *really* prevent attackers from extracting credentials from pipeline identities that use modern authentication techniques?

Elevating Attack Path Mapping to the Clouds

An introduction to Reversec's Cloud Attack Path Mapping (APM) service, looking at where it originated from, why it works and how it compares to other styles of testing. After looking at the current state of testing, consideration is given to how effective our future-looking service can be for both cloud-native and hybrid environments. Examples are given of previous success stories where interesting, and sometimes unusual, results have occurred!

Mapping Oracle’s Forgotten Pathways: Lateral Movement with ORACrawl

This article explores lateral movement in Oracle databases using chained database links - an area with little prior research or tooling. It introduces ORACrawl, a tool that automates discovery and query execution across multiple database link paths, bypassing Oracle’s constraints and enabling deeper security assessments.

High-Profile Cloud Privesc

Revisiting PowerShell Profile Tricks in Entra Environments

AtivarSpy - Swimming With Delphins

A piece of undocumented Delphi malware was analysed to understand its functionality. In doing so, some interesting techniques were identified, alongside poor coding practices and potential vulnerabilities in the backend malware server.

Spikee: Testing LLM Applications for Prompt Injection

A step-by-step guide using the open-source tool spikee (v0.2) for prompt injection testing in LLM applications. Explores a webmail summarization case study, covering custom dataset creation, testing with Burp Suite and spikee's custom targets, interpreting results, and noting key updates from v0.1 to v0.2 like the Judge system and dynamic attacks.

CloudWatch Dashboard (Over)Sharing

A security vulnerability was discovered in AWS CloudWatch dashboard sharing that allowed unauthorized viewers to access EC2 tags. The issue stemmed from a misconfiguration in Cognito Identity Pools' authentication flow, specifically an undefined setting for the Classic authentication flow. By exploiting this misconfiguration, attackers could retrieve sensitive account information through a multi-step authentication process.