Blog Posts

Coruna: Analysis of a Chained iOS/macOS Exploit Kit

A concise technical review of recovered Coruna artifacts, exploit-chain composition, and the tactics that made old tradecraft effective again.

AirSnitch: Lateral Movement from Guest Wi-Fi to Internal Network

How old Wi-Fi attack primitives are being recombined into practical, modern machine-in-the-middle paths.

ClearFake and the Evolution of Browser-Native C2

How ClearFake turns JavaScript into a browser-resident implant with blockchain-backed indirection.

Abusing Microsoft ClickOnce as an Initial Access Primitive

How ClickOnce deployment flows become a low-noise payload delivery channel inside trusted Windows execution paths.