Showing Posts From

• James Henderson
• 5 May 2026

Skill Issues: Compromising Claude Code with malicious skills & agents -- Part 1

With the increasing usage of AI Coding agents, can coding agent skill files be exploited as an initial access mechanism, and how? This is part 1 of a 3 part series exploring the attack surface and defensive recommendations

• Max Keasley Owen Reeve Sharan Patil
• 4 May 2026

Where There Is MSSQL, There Is A Way

Authentication coercion via xp_dirtree and other stored procedures are well known tricks and are often blocked. What if we find other methods to capture Net-NTLMv2 hashes? As the latest organisation joining in the MSSQL EPA and NTLM relay research, we are here to highlight our journey of exploiting MSSQL NTLM Relay.