Meet Constantine – Find Mythos-level vulnerabilities in your code. It proves them, patches them, PRs them back. Autonomously.

Download Datasheet

Category: Offensive Security

GhostPack Necromancy: Reforging C# Tools with WasmForge

Praetorian promo graphic for WasmForge. A glowing red sword forged on an anvil among shattered older swords. Headline reads Signed Go Binary on the Outside, Rubeus on the Inside, with subtext that WasmForge compiles C# tools to WebAssembly with no CLR, no AMSI, no signatures.

In the previous post we walked through WasmForge, our Go-to-WebAssembly loader that takes existing signatured Go tools and ships them as opsec-safe binaries. This approach doesn’t just apply to Go, however, as there are many languages that can compile to WebAssembly. Another language of interest to us, especially regarding legacy tools which have been over-signatured, […]

Centurion: Bring Your Own Execution Environment

Writing my own virtualized loader is something I’ve been wanting to do since I first read Microsoft’s deep dive on FinFisher’s multi-layered VM obfuscation back in 2018. FinFisher didn’t just use one layer of protection, it implemented a custom virtual machine with 32 opcode handlers, wrapped that in spaghetti code and anti-debug checks, and then buried a second VM […]

Enter the WasmForge: Compiling Sliver into WebAssembly

In our last post we used a Claude skill to systematically beat down VirusTotal detection rates on offensive security tools, with a brief mention of a new loader we’d been using to apply those techniques in bulk. This post is about that loader, which we call WasmForge. WasmForge is, from the user’s perspective, a build […]

When Encryption Isn’t Really Encryption

Padlock sitting outside a transparent box exposing the credential card inside, illustrating Canon printer's broken client-side

Discovery During a recent network security assessment, we were working on an environment that was well-hardened – Patching was current, password policies were strong, and network segmentation was in place. So, as part of our enumeration of all network assets, we started looking for default credentials and this led us to multiple Canon enterprise printers […]

Adversarial Oracles: LLM-Guided EDR Signature Reduction

In previous blog posts we’ve talked about getting nerd sniped. Today we’re going to talk about a kind of nerd sniping that any offensive security tool creator is familiar with; when your tool gets signatured. This normally kicks off a frustrating spiral of back and forth changes between the tool author and security vendors until […]

Your Login Page Is Lying: What AI Agents Find When They Read Your Frontend

A login page rendered semi-transparent, revealing JavaScript route definitions, API endpoint URLs, and a highlighted hardcoded secret behind it.

TL;DR: Single-page applications ship their entire frontend codebase to every visitor, including unauthenticated ones. Even a login page with no visible functionality delivers JavaScript bundles containing route definitions, API endpoint URLs, authentication logic, data models, and sometimes hardcoded secrets. As part of Guard’s continuous penetration testing, we use AI-assisted tooling to extract this information and […]

500,000 Vulnerabilities, 14 That Matter: How Exploit Chain Analysis Cuts Through the Noise

Funnel filtering hundreds of vulnerabilities down to a critical few highlighted in red

When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint detection and response platforms, vulnerability scanners, cloud security posture tools, container image scanners. A large organization can easily accumulate hundreds of thousands of individual findings. The standard response is to sort by CVSS score, filter for criticals, and […]

The Attack Helix: Praetorian’s AI & Economic Architecture for Offensive Security

The Attack Helix

The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. The Tipping Point One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December of 2025, a single unidentified operator used Anthropic’s Claude and OpenAI’s ChatGPT to breach the Mexican government agencies and a financial institution. […]

Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit

What Are Shadow Admins in AD? A common problem we encounter within many customer Active Directory environments are accounts that, at first glance, may appear innocuous, but that actually have hidden administrative privileges or unrolled privileges equivalent to those of a domain administrator account. We call these accounts shadow domain admins. These accounts don’t show […]