When Encryption Isn’t Really Encryption

Discovery: During a recent network security assessment, we were working on an environment that was well hardened: patching was current, password policies were strong, and network segmentation was in place. So, as part of our enumeration of all network assets, we started looking for default credentials, and this led us to multiple Canon enterprise printers […]

A Possible Solution to the Zodiac Killer Z32 Cipher

Introduction: The Zodiac Killer, one of America’s most notorious unsolved serial killer cases, sent numerous encrypted messages to newspapers during his reign of terror in the late 1960s and early 1970s. While his 408-character cipher was eventually cracked, the shorter “Z32” cipher that accompanied a map of the San Francisco Bay Area has remained unsolved […]

Critical Advisory: Remote Code Execution in Next.js (CVE-2025-66478) with Working Exploit

Date: December 4, 2025
Severity: Critical (CVSS 10.0)
Components: Next.js App Router & React Server Components

We are alerting all customers to a critical Remote Code Execution (RCE) vulnerability affecting Next.js applications using the App Router. This vulnerability, tracked as CVE-2025-66478, stems from an upstream issue in the React Server Components (RSC) protocol (CVE-2025-55182). React provided a […]

Ghost Calls: Abusing Web Conferencing for Covert Command & Control (Part 2 of 2)

In part one, we discussed the architecture of web conferencing applications, with a specific focus on Zoom’s architecture to support web conferencing at a massive global scale. Part two will discuss the approach we developed to support tunneling traffic through Zoom and Microsoft Teams using the TURN protocol. Let’s start with a quick recap of […]

Ghost Calls: Abusing Web Conferencing for Covert Command & Control (Part 1 of 2)

In the middle of a particularly tight red team engagement, we hit a familiar wall. Our long-term implant was rock solid—quiet, persistent, and thoroughly under the radar. But when it came time to pivot into something more interactive—proxy traffic, tunnel HVNC, relay NTLM—we started running into limits. The channel that worked so well for low-and-slow […]

Azure RBAC Privilege Escalations: Azure VM

Microsoft Azure provides administrators with controls to limit the actions a principal can take within the cloud environment. These actions can broadly be split into two categories: those that impact the Entra ID tenant and those that affect the Azure cloud subscription, the latter of which we will call “RBAC actions.” Prior research into Entra […]

ETW Threat Intelligence and Hardware Breakpoints

Learn to bypass EDR detection using NtContinue for hardware breakpoints without triggering ETW Threat Intelligence. This technical blog explores kernel debugging, debug registers, and EDR evasion with code examples.

Advisory: Qlik Original Fix for CVE 2023-41265 Vulnerable to RCE

Overview: On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal and HTTP request tunneling. As part of our standard operating procedure, we performed a diff of the issued patch to identify potential bypasses […]