Showing Posts From

Infrastructure Security

Skill Issues: Compromising Claude Code with malicious skills & agents -- Part 1

With the increasing usage of AI coding agents, can coding agent skill files be exploited as an initial access mechanism, and how? This is part 1 of a 3-part series exploring the attack surface and defensive recommendations.

Where There Is MSSQL, There Is A Way

Authentication coercion via xp_dirtree and other stored procedures is a well-known trick and is often blocked. What if we find other methods to capture Net-NTLMv2 hashes? As the latest organisation joining in the MSSQL EPA and NTLM relay research, we are here to highlight our journey of exploiting MSSQL NTLM Relay.

Azure Arc: A Double-Edged Sword

After receiving 5 CVEs and multiple acknowledgements from MSRC for reporting vulnerabilities leading to LPE using various attack vectors, we are finally revealing some of our findings.