Blog Posts
ClearFake and the Evolution of Browser-Native C2
- Analysis
- January 24, 2026
- 6 mins
How ClearFake turns JavaScript into a browser-resident implant with blockchain-backed indirection.
Abusing Microsoft ClickOnce as an Initial Access Primitive
- Red Team Tactics
- January 15, 2026
- 7 mins
How ClickOnce deployment flows become a low-noise payload delivery channel inside trusted Windows execution paths.
ICS Phishing: When Your Calendar Becomes the Attack Surface
- Red Team Tactics
- December 14, 2025
- 9 mins
How calendar invites become phishing payloads that bypass inbox controls and live inside trusted apps.
APT31 Today: When Trusted Cloud Infrastructure Becomes the Attack Surface
- APT
- December 7, 2025
- 5 mins
How APT31 turned Microsoft Dev Tunnels, cloud storage, and signed binaries into stealthy command and control.