// Blog

Security Insights & Research

Original analysis from our penetration testing, cloud security, and AI research teams — updated regularly.

Active Directory Attack Paths in 2025: What's Changed and What Hasn't
Penetration Testing

Active Directory Attack Paths in 2025: What's Changed and What Hasn't

Kerberoasting and pass-the-hash remain evergreen — but DCSync via Azure AD Connect and PRT token theft have fundamentally shifted how attackers move through modern hybrid environments.

1 April 2025 · 3 min read · Commerware.Read Article →
When AI Audits AI: Securing LLM Deployments with OffSecAI's Prompt Injection Framework
OffSecAI · AI Security

When AI Audits AI: Securing LLM Deployments with OffSecAI's Prompt Injection Framework

18 March 2025 · 2 min read
The 7 AWS Misconfigurations We Find in Every Enterprise Audit
Cloud Security

The 7 AWS Misconfigurations We Find in Every Enterprise Audit

5 March 2025 · 2 min read
NIS2 Directive: What UK Operators of Essential Services Must Do Now
Compliance & GRC

NIS2 Directive: What UK Operators of Essential Services Must Do Now

12 February 2025 · 3 min read
Certificate Pinning Bypass in 2025: Frida, Objection, and What Still Works
Mobile Security

Certificate Pinning Bypass in 2025: Frida, Objection, and What Still Works

3 February 2025 · 4 min read
Designing Zero Trust Networks for SMEs: A Practical Guide Without Enterprise Budgets
Network Architecture

Designing Zero Trust Networks for SMEs: A Practical Guide Without Enterprise Budgets

20 January 2025 · 2 min read