Insights
Opinions and research from people who do this for a living.
Essays and research, open to read.
Subscribe to insightsThe archive
2026
Pip Dreams and Security Schemes, Part II: The Interpreter in the MachineVulnerability Research→Rotten Apples Returns — macOS Codesigning Translocation RevisitedVulnerability Research→What Claude Security gets right — and what it missesAI→Hollywood Has Always Run on Fragmentation. AI Is Making That Everyone's Problem.AI→CIP-003-11 Is Here. Here's How to Comply Without Breaking Your OT EnvironmentCompliance→Test Your People, Not Just Your FiltersOffensive Security→Nobody Gives a S##t About Cybersecurity: A Postcard from the Edge of the IndustryStrategy→The Validation Layer for AI: Why Verifying Vulnerabilities Matters as Much as Finding ThemAI→The Day Zero Trust DiedStrategy→Wrongfully Accused: AI and the Death of Cyber SecurityAI→AI Agents Are Already Hacking You. Your Internal Controls Won't Save You.AI→The $10M Distraction: Why 50,000 CVEs Don't Matter (But 3 Attack Paths Do)Strategy→
2025
AI Security Checklist 2025AI→The Sandworm in Your DependenciesThreats→Why JLR's £3.5bn Cyber Loss Should Change How You Budget SecurityStrategy→Five AI Cyber Use Cases That Actually Work (and Two That Don't)AI→From Point-in-Time Testing to Continuous Exposure ManagementStrategy→Top 7 Cloud Security Trends Every Business Must Know in 2025Strategy→Executive Order Strengthens U.S. CybersecurityCompliance→Financial Services Threat BriefingThreats→IIoT and OT Cybersecurity: The Next Battleground for Cyber AdversariesThreats→Stop Worrying About The Quantum ApocalypseStrategy→Security Awareness Training Is Mostly Pointless: A Practitioner's PerspectiveStrategy→
2024
Threat Led Pen Testing and DORACompliance→When chatbots strikeAI→Cyber insurance — friend or foe?Strategy→Enhancing Vulnerability Management with Incenter Tag FilteringStrategy→Cisco Breached Data Posted on Dark Web ForumsThreats→Pip Dreams and Security Schemes: Chaos in your Configuration FilesVulnerability Research→Microsoft Patch Tuesday Analysis — September 2024Threats→Microsoft Patch Tuesday Analysis — July 2024Threats→Microsoft Patch Tuesday Analysis — April 2024Threats→LLMs Behaving Badly, Part 1 — Malware CreationAI→Purple Teams — The Business Benefits of Cost-Effective Purple Penetration TestingOffensive Security→Microsoft Patch Tuesday Analysis — February 2024Threats→Living off the Land: An Introduction to Blending In for Red TeamsOffensive Security→Unleashing the Power of Purple Teaming with MITRE ATT&CKOffensive Security→Indicators of Compromise (IOC): Understanding, Identifying, and Utilizing Cyber Threat IndicatorsThreats→OSINT in Threat HuntingThreats→
2023
What's Up, Doc? An OSec Approach to the Looney Tunables Bug (CVE-2023-4911)Vulnerability Research→Protecting Education: Cybersecurity's Vital MissionStrategy→Will Continuous Penetration Testing Lead to More Zero-Days?Offensive Security→A Threat Model for Space-Based Data CentersStrategy→Navigating the SEC Cybersecurity Risk Management RulesCompliance→Cracked Open: Why Overlooking Lower-Risk Vulnerabilities Can BackfireVulnerability Research→The Human Touch in Cybersecurity: Why AI Can't Fully Replace Penetration TestersOffensive Security→Is the SQL Injection Optional?Vulnerability Research→Mastering FortiOS Exploitation: No Direct Debugging RequiredVulnerability Research→Unmasking Hidden Dangers: The Critical Need for Threat HuntingThreats→Major Incenter Updates Cover Mobile, API, Cloud and MoreStrategy→Exploit for CVE-2023-2825Vulnerability Research→Getting Root — A Technical WalkthroughVulnerability Research→Don't Put All Your Faith in Cyber InsuranceStrategy→
2022
2021
2020
OWASP London / Suffolk Chapter MeetingStrategy→Establishing a BeachheadOffensive Security→What Is the Future of Commercial Drone Security?Strategy→A Security Strategy for the New NormalStrategy→More Secure Zoom UseStrategy→Hostage Negotiation and Cyber SecurityStrategy→In the Race to the Cloud, What Could Possibly Go Wrong?Strategy→Emerging Trends in Threat Actor Communication MethodsThreats→
2019
The Industry Guide to Being a Successful "Bad Actor"Threats→Tales From the Red Team Crypt — Episode 1Offensive Security→Everyone Can Be Taught New Tricks — Considerations for Application Pen TestsOffensive Security→Lessons Learned from Healthcare Security AssessmentsStrategy→LinkedIn Pwnage: Why We Can't All Be FriendsThreats→Do Better Penetration Tests — for Buyers and TestersOffensive Security→M&A CybersecurityStrategy→Lessons Learned from Working with Media CompaniesStrategy→