Showing Posts From
2026
James Henderson With the increasing usage of AI coding agents, can coding agent skill files be exploited as an initial access mechanism, and how? This is part 2 of a 3-part series exploring the attack surface and defensive recommendations, focusing on data exfiltration and code backdooring.
William Taylor Kubernetes famously has a lot of moving parts; clusters can get complicated very quickly and maintaining best security practice can be a challenge. What can make this harder is when good intentions to enhance security backfire and actually introduce risk. This blog looks at observability tools in Kubernetes environments and how the nature of their positioning within a cluster, along with often higher privileges, can expose privilege escalation paths to attackers.
James Henderson With the increasing usage of AI coding agents, can coding agent skill files be exploited as an initial access mechanism, and how? This is part 1 of a 3-part series exploring the attack surface and defensive recommendations.
Max Keasley
Owen Reeve
Sharan Patil Authentication coercion via xp_dirtree and other stored procedures is a well-known trick and is often blocked. What if we find other methods to capture Net-NTLMv2 hashes? As the latest organisation joining in the MSSQL EPA and NTLM relay research, we are here to highlight our journey of exploiting MSSQL NTLM relay.
Thomas Cross
Donato Capitella Documentation of the Spikee framework extension for multi-turn attacks on LLM chatbots and agents. Details the Crescendo, Echo Chamber, and GOAT attack implementations, alongside benchmarks evaluating base models, local uncensored attack models, and standard guardrails.
Christian Philipov Conditional Access Policies are a core control in every modern Entra tenant to prevent access outside of expected access methods. A discovery was made on a little-known policy condition that would allow an administrator to define time-based restrictions on when a policy would be evaluated or not. In the event that a sufficiently privileged administrator user was compromised, this capability could allow threat actors to effectively "disable" policies while still seemingly being marked as enabled in the portal.
Aleksi Kallio Reversec identified unexpected routing behaviour in AWS with configurations involving NAT gateways and VPC peering connections.
Jordan Watson A practical walkthrough of integrating Playwright browser automation with Spikee to test complex application flows.
Laban Sköllermark On a client engagement Reversec encountered the LAPSWebUI application built by Truesec and used for handling Windows users' local administrator passwords. Several vulnerabilities were found and reported to the vendor, which has addressed all of them in version 2.4 released in January 2026.
Leonidas Tsaousis A quick and dirty guide on how to rapidly deploy a fully autonomous conversational AI agent for voice-based social engineering.
Thomas Cross
Donato Capitella A step-by-step guide to using the rejudging functionality within the open-source tool Spikee. This new functionality allows testers to re-perform judging on existing results datasets. Primarily this allows for LLM applications to be assessed within restrictive environments, where a tester does not have access to an LLM for judging.
Sharan Patil After receiving 5 CVEs and multiple acknowledgements from MSRC for reporting vulnerabilities leading to LPE using various attack vectors, we are finally revealing some of our findings.