Meet Constantine – Find Mythos-level vulnerabilities in your code. It proves them, patches them, PRs them back. Autonomously.

Download Datasheet

Tag: offensive security

Adversarial Oracles: LLM-Guided EDR Signature Reduction

In previous blog posts we’ve talked about getting nerd sniped. Today we’re going to talk about a kind of nerd sniping that any offensive security tool creator is familiar with; when your tool gets signatured. This normally kicks off a frustrating spiral of back and forth changes between the tool author and security vendors until […]

Your Login Page Is Lying: What AI Agents Find When They Read Your Frontend

A login page rendered semi-transparent, revealing JavaScript route definitions, API endpoint URLs, and a highlighted hardcoded secret behind it.

TL;DR: Single-page applications ship their entire frontend codebase to every visitor, including unauthenticated ones. Even a login page with no visible functionality delivers JavaScript bundles containing route definitions, API endpoint URLs, authentication logic, data models, and sometimes hardcoded secrets. As part of Guard’s continuous penetration testing, we use AI-assisted tooling to extract this information and […]

Your API Has Authorization Bugs. Hadrian Finds Them.

Hadrian security API authorization testing framework

Authorization vulnerabilities are the most common critical finding in our API penetration tests. We find them on nearly every engagement: a user changes an ID in the URL and gets back another user’s data. Broken Object Level Authorization (BOLA) has been the #1 risk on the OWASP API Security Top 10 since the list was […]

Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem

NTLM relay attack Active Directory diagram showing domain controller with unconstrained delegation vulnerability

The False Sense of Security SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes the calculus by removing the prerequisite of admin access, enabling NTLM relay attack Active Directory exploitation through unconstrained delegation. Domain controllers enforce SMB […]

Julius v0.2.0: From 33 to 63 Probes — Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines

TL;DR: Julius v0.2.0 nearly doubles LLM fingerprinting probe coverage from 33 to 63, adding detection for cloud-managed AI services (AWS Bedrock, Azure OpenAI, Vertex AI), high-performance inference servers (SGLang, TensorRT-LLM, Triton), AI gateways (Portkey, Helicone, Bifrost), and self-hosted RAG platforms (PrivateGPT, RAGFlow, Quivr). This release also hardens the scanner itself with response size limiting and […]

AI-Driven Offensive Security: The Current Landscape and What It Means for Defense

AI-driven offensive security cycle showing build, test, detect, and adapt phases around a cube with security symbols

The capabilities of modern AI models have advanced far beyond what most people in the security industry have fully internalized. AI-generated phishing, script writing, and basic offensive automation are getting plenty of attention, but what happens when you apply agentic AI to the full lifecycle of building, testing, and refining custom malware and command-and-control (C2) […]

CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution

Key Takeaways CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution NVD lists the vulnerability as analyzed; vendor advisory Delta-PCSA-2026-00005 is available addressing multiple COMMGR2 vulnerabilities No evidence of active exploitation in the wild; specific affected […]

Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly

Brutus open-source tool detecting RDP sticky keys backdoors using WebAssembly

Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling me about a friend like this who, on a recent penetration test, pressed the shift key five times at an RDP login screen […]

Mapping the Unknown: Introducing Pius for Organizational Asset Discovery

Pius open-source asset discovery tool terminal output showing CIDR ranges and domains discovered across multiple registries

Asset discovery is an essential part of Praetorian’s service delivery process. When we are engaged to carry out continuous external penetration testing, one key action is to build and maintain a thorough target asset inventory that goes beyond any lists or databases provided by the system owner. Pius is our open-source attack surface mapping tool […]

Helpdesk Telephone Attack: How to Close Process and Technology Gaps

Introduction As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press surrounding these most recent events alludes to helpdesk operators’ roles in the exploits, this type of vulnerability actually is a technology and process […]