Research & Analysis

Structured thinking.
Practitioner-grade depth.

Technical notes, structured analyses, and investigative deep-dives. More detailed than blog posts; less formal than papers.

Deep Analysis · Available

Attack Path Modeling in Segmented Enterprise Networks

Maps how attackers traverse segmented environments using legitimate credentials, trusted tools, and protocol abuse rather than perimeter bypasses.

  • Tier-0 asset exposure through transitive group membership in 6 of 8 lab simulations
  • AS-REP Roasting effective against default configurations in all tested environments
  • Constrained delegation abuse consistently underdetected across Elastic and Splunk baselines
35 min · Apr 2026
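As an added illustration of the AS-REP Roasting finding (example code written for this listing, not part of the analysis itself): the detection below works from Windows Security event 4768 records, flagging TGTs issued with PreAuthType 0 and the RC4 etype (0x17) that roasting tools request, then grouping hits by source address so a single host enumerating several no-pre-auth accounts stands out. The sample events are constructed, and the field names are the 4768 EventData names as Windows logs them.

```python
"""Flag AS-REP roasting candidates in Windows Security event 4768 records.

Added example (not from the page's study). Assumes the events have already been
parsed into dicts carrying the 4768 EventData field names as Windows logs them;
the sample records below are constructed, not real telemetry.
"""
from collections import defaultdict

EVENT_ID_TGT_REQUEST = 4768
NO_PREAUTH = "0"        # PreAuthType 0: no Kerberos pre-authentication was performed
RC4_HMAC = "0x17"       # TicketEncryptionType 0x17: RC4-HMAC, the etype roasting tools request
STATUS_SUCCESS = "0x0"  # the KDC issued the TGT, so an encrypted AS-REP left the DC

SAMPLE_EVENTS = [
    # one source asks for RC4 TGTs for two no-preauth service accounts: the roasting pattern
    {"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "::ffff:10.0.5.23",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "svc_legacy", "IpAddress": "::ffff:10.0.5.23",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0"},
    # ordinary logon: pre-auth performed (type 2 = PA-ENC-TIMESTAMP), AES etype
    {"EventID": 4768, "TargetUserName": "jdoe", "IpAddress": "::ffff:10.0.1.10",
     "PreAuthType": "2", "TicketEncryptionType": "0x12", "Status": "0x0"},
    # the no-preauth account logging on normally with AES: only interesting in strict mode
    {"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "::ffff:10.0.1.10",
     "PreAuthType": "0", "TicketEncryptionType": "0x12", "Status": "0x0"},
    # failed request for a non-existent principal (0x6): no ticket material was returned
    {"EventID": 4768, "TargetUserName": "nosuchuser", "IpAddress": "::ffff:10.0.5.23",
     "PreAuthType": "0", "TicketEncryptionType": "0xffffffff", "Status": "0x6"},
    # TGS request (4769) is a different event and must not match
    {"EventID": 4769, "TargetUserName": "jdoe", "IpAddress": "::ffff:10.0.1.10",
     "PreAuthType": "-", "TicketEncryptionType": "0x12", "Status": "0x0"},
]


def is_asrep_roast_event(ev, strict=False):
    """True when a TGT was issued without pre-authentication.

    Default mode additionally requires the RC4 etype, which is what most roasting
    tooling requests; strict=True drops that condition to also catch AES-etype
    roasting, at the cost of flagging legitimate no-preauth logons.
    """
    if ev.get("EventID") != EVENT_ID_TGT_REQUEST or ev.get("Status") != STATUS_SUCCESS:
        return False
    if ev.get("PreAuthType") != NO_PREAUTH:
        return False
    return strict or ev.get("TicketEncryptionType", "").lower() == RC4_HMAC


def asrep_roast_report(events, strict=False, min_accounts=1):
    """Group matching requests by source address.

    A single source requesting AS-REPs for several no-preauth accounts is the
    enumeration signature; min_accounts lets the caller trade recall for noise.
    """
    by_source = defaultdict(set)
    for ev in events:
        if is_asrep_roast_event(ev, strict=strict):
            by_source[ev["IpAddress"]].add(ev["TargetUserName"])
    return {ip: sorted(accts) for ip, accts in by_source.items() if len(accts) >= min_accounts}


if __name__ == "__main__":
    for ip, accounts in asrep_roast_report(SAMPLE_EVENTS).items():
        print(f"{ip}: AS-REP roast candidates -> {', '.join(accounts)}")
```

The RC4 condition is what keeps this rule quiet in an environment that still has accounts with pre-authentication disabled; an attacker who requests an AES etype will only be caught by `strict=True`, which then needs baselining of the accounts that legitimately log on without pre-auth.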
Technical Note · Build Stage

Adversarial Prompt Taxonomy: Classification and Bypass Analysis

Structured classification of prompt injection and jailbreak techniques, mapped to the safety mechanism they bypass.

22 min · Mar 2026
Deep Analysis · Build Stage

Telemetry Coverage Gaps in Standard SIEM Deployments

Systematic review of ATT&CK techniques consistently under-logged in baseline Elastic and Splunk deployments.

28 min · Feb 2026
Architecture · Build Stage

Lab Design Tradeoffs: Realism vs. Safety in Cyber Range Environments

Design decisions in building offensive labs: balancing environmental realism against isolation and operational safety.

15 min · Dec 2025
Technical Note · Available

RAG Injection Vectors in Production LLM Pipelines

Analysis of injection surface in retrieval-augmented generation systems: vector DB poisoning, context stuffing, and chunk boundary attacks.

  • Adversarial embeddings bypassed similarity thresholds in 4 of 6 tested retrieval models
  • Chunk boundary injection enables instruction smuggling in long-context retrievals
  • RBAC on retrieved documents not propagated to generated output in 3 production-grade frameworks
18 min · Apr 2026
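An added example for the RBAC propagation finding (written for this listing; it is not code from any of the frameworks reviewed): document ACLs are enforced once when chunks are selected, so unreadable content never reaches the context window, and again on the citations in the generated answer, which catches the case where retrieval was filtered but a cached or tool-supplied source slipped through. The index, principals and token-overlap scorer (a stand-in for embedding similarity) are all constructed assumptions.

```python
"""Enforce document RBAC at retrieval time and again on the generated answer.

Added example illustrating the propagation failure the note describes; it is
not code from any of the frameworks reviewed. Assumes every indexed chunk
carries the ACL of its source document and that the caller knows the
requesting principal's groups. Scoring is a deliberately simple token-overlap
stand-in for embedding similarity; the index below is constructed.
"""
import re
from dataclasses import dataclass

PUBLIC = "all"  # pseudo-group meaning "readable by any authenticated principal"


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    allowed_groups: frozenset  # copied from the source document at indexing time


@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset


INDEX = [
    Chunk("hr-2025-comp", "Salary bands for L5 engineers are confidential", frozenset({"hr", "exec"})),
    Chunk("eng-oncall", "Escalation path for P1 incidents: page the on-call SRE", frozenset({"eng", "sre"})),
    Chunk("public-faq", "Support hours are 09:00 to 17:00 UTC", frozenset({PUBLIC})),
]


def _tokens(s):
    return set(re.findall(r"[a-z0-9]+", s.lower()))


def score(query, chunk):
    """Fraction of query tokens present in the chunk (stand-in for cosine similarity)."""
    q = _tokens(query)
    return len(q & _tokens(chunk.text)) / len(q) if q else 0.0


def can_read(principal, chunk):
    return bool(chunk.allowed_groups & (principal.groups | {PUBLIC}))


def retrieve(query, principal, index=INDEX, k=3, min_score=0.2, enforce_acl=True):
    """Return the top-k chunks. With enforce_acl=True a chunk the principal
    cannot read never enters the context, so the model cannot leak what it
    never saw; enforce_acl=False reproduces the failure mode."""
    candidates = [c for c in index if not enforce_acl or can_read(principal, c)]
    scored = [(score(query, c), c) for c in candidates]
    scored = [(s, c) for s, c in scored if s >= min_score]
    scored.sort(key=lambda sc: sc[0], reverse=True)
    return [c for _, c in scored[:k]]


def build_context(chunks):
    """Context block handed to the model; each line is tagged with its doc_id
    so citations in the answer can be checked against it afterwards."""
    return "\n".join(f"[{c.doc_id}] {c.text}" for c in chunks)


def leaked_citations(answer_doc_ids, context_chunks):
    """Output-side gate: any document the answer cites that was not in the
    authorised context is a leak (cached context, tool output, or a framework
    that filtered on display but not on generation)."""
    allowed = {c.doc_id for c in context_chunks}
    return [d for d in answer_doc_ids if d not in allowed]
```

The retrieval-time filter is the one that matters for confidentiality; the output-side check is cheap and worth keeping because it turns a silent leak into a hard failure when some other component (caching, re-ranking, agent tools) reintroduces a document the principal was never allowed to see.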
Deep Analysis · Available

IAM Privilege Escalation Patterns in AWS and Azure

Enumeration and classification of privilege escalation paths using misconfigured IAM roles, policy mismatches, and service identity abuse across AWS and Azure.

  • PassRole combined with AttachUserPolicy enables full privilege escalation in 78% of reviewed tenants
  • Service-linked roles consistently overlooked by IAM audits because of their non-standard naming
  • Azure Managed Identity token retrieval via SSRF against the instance metadata endpoint remains viable where outbound network restrictions are absent
30 min · Mar 2026
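An added static check for the PassRole finding (example code written for this listing, not tooling from the analysis): it expands the Allow statements of an AWS policy document, honouring `*`/`?` wildcards and `NotAction`, and reports two classes of escalation primitive separately. Policy-write actions such as iam:AttachUserPolicy already suffice on their own when they can target the caller's own identity; iam:PassRole only becomes an escalation primitive when paired with a service that will assume the passed role, so the check reports the sinks it is paired with rather than flagging PassRole alone. The sample policies are constructed; Resource and Condition scoping are assumed to be reviewed separately.

```python
"""Static check for IAM privilege-escalation primitives in an AWS policy document.

Added example; not code from the page's study. Assumes the policy JSON has
already been pulled (for example from get-policy-version) and that Resource
and Condition scoping are reviewed separately: this check answers only
"which escalation actions does this policy grant?". Sample policies are
constructed.
"""
import fnmatch
import json

PASS_ROLE = "iam:passrole"

# Actions that let a principal write policy onto an identity it controls
# (including itself). Any one of these is a direct escalation primitive.
POLICY_WRITE_ACTIONS = {
    "iam:attachuserpolicy", "iam:attachrolepolicy", "iam:attachgrouppolicy",
    "iam:putuserpolicy", "iam:putrolepolicy", "iam:putgrouppolicy",
    "iam:createpolicyversion", "iam:setdefaultpolicyversion",
    "iam:updateassumerolepolicy",
}

# Services that assume a passed role on the caller's behalf; iam:PassRole
# only escalates when paired with one of these (or a similar sink).
PASSROLE_SINKS = {
    "ec2:runinstances", "lambda:createfunction", "lambda:updatefunctionconfiguration",
    "cloudformation:createstack", "glue:createdevendpoint",
    "sagemaker:createnotebookinstance", "codebuild:createproject",
}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowed_action_patterns(policy):
    """Collect lowercase action patterns from Allow statements.

    Deny statements are ignored on purpose (the check errs toward reporting).
    A NotAction allow is treated as '*' because it permits everything not listed.
    """
    patterns = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            patterns.add("*")
            continue
        patterns.update(a.lower() for a in _as_list(stmt.get("Action")))
    return patterns


def grants(patterns, action):
    """IAM action matching is case-insensitive with '*' and '?' wildcards;
    fnmatchcase on lowercased strings reproduces that."""
    return any(fnmatch.fnmatchcase(action, p) for p in patterns)


def escalation_findings(policy):
    """Report policy-write primitives and, if PassRole is granted, the sinks it pairs with."""
    patterns = allowed_action_patterns(policy)
    findings = {
        "policy_write": sorted(a for a in POLICY_WRITE_ACTIONS if grants(patterns, a)),
        "passrole_sinks": [],
    }
    if grants(patterns, PASS_ROLE):
        findings["passrole_sinks"] = sorted(a for a in PASSROLE_SINKS if grants(patterns, a))
    return findings


# Constructed inputs in the shape `aws iam get-policy-version` returns.
VULNERABLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["iam:PassRole", "iam:AttachUserPolicy", "s3:GetObject"], "Resource": "*"}
  ]
}""")
COMPUTE_POLICY = {"Statement": {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"}}
WILDCARD_POLICY = {"Statement": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
READONLY_POLICY = {"Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "iam:List*"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in [("vulnerable", VULNERABLE_POLICY), ("compute", COMPUTE_POLICY),
                      ("wildcard", WILDCARD_POLICY), ("readonly", READONLY_POLICY)]:
        print(name, escalation_findings(pol))
```

A hit in `policy_write` with `Resource: "*"` is a finding on its own; a hit in `passrole_sinks` still needs the Resource of the PassRole statement and any `iam:PassedToService` condition checked, which this pass deliberately leaves to the reviewer.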
Methodology · Available

Measuring Real Detection Coverage Against ATT&CK Sub-techniques

A methodology for mapping actual SIEM rule coverage against ATT&CK sub-techniques, with aggregate results from six enterprise SIEM deployments.

  • Median coverage of relevant sub-techniques: 34% across all six deployments
  • Initial access and persistence sub-techniques showed the lowest coverage density
  • Defense evasion had the highest rule volume but the lowest true-positive rate
20 min · Feb 2026
Architecture · Available

Dependency Risk Modeling in Modern Software Supply Chains

Framework for quantifying and prioritising supply chain risk across npm, PyPI, and Go module ecosystems based on provenance, maintenance activity, and exposure surface.

  • Median Node.js production application has over 1,200 transitive dependencies
  • 58% of high-severity supply chain incidents in 2024-25 involved packages with fewer than 3 active maintainers
  • Provenance attestation adoption remains below 8% across top-1000 npm packages
24 min · Jan 2026
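An added example for the transitive dependency finding (written for this listing; not tooling from the framework described): it walks the production closure of an npm package-lock.json (lockfileVersion 2 or 3) by following `dependencies` edges from the root and resolving each name the way Node does, nearest nested `node_modules` first and then up the tree, so duplicated versions are counted as the packages that actually load. Along the way it reports closure entries that lack an `integrity` field and any entry the lock marks `dev` despite being reachable from production, both of which are worth a look before trusting the lock. The lock file is constructed and abbreviated.

```python
"""Count the production dependency closure of an npm package-lock.json.

Added example; not tooling from the page's framework. Handles lockfileVersion
2 and 3 (the flat "packages" map) by walking "dependencies" edges from the
root and resolving each name the way Node does: nearest nested node_modules
first, then up the tree. The lock file below is constructed and abbreviated.
"""
from collections import deque

SAMPLE_LOCK = {
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"express": "^4.19.0", "left-pad": "^1.3.0"},
             "devDependencies": {"jest": "^29.0.0"}},
        "node_modules/express": {"version": "4.19.2", "integrity": "sha512-...",
                                 "dependencies": {"debug": "2.6.9", "cookie": "0.6.0"}},
        # express pins an old debug, so it is nested under express; jest uses the hoisted one
        "node_modules/express/node_modules/debug": {"version": "2.6.9", "integrity": "sha512-...",
                                                    "dependencies": {"ms": "2.0.0"}},
        "node_modules/express/node_modules/ms": {"version": "2.0.0", "integrity": "sha512-..."},
        "node_modules/cookie": {"version": "0.6.0"},  # no integrity field
        "node_modules/left-pad": {"version": "1.3.0", "integrity": "sha512-..."},
        "node_modules/jest": {"version": "29.7.0", "dev": True, "integrity": "sha512-...",
                              "dependencies": {"debug": "^4.3.4"}},
        "node_modules/debug": {"version": "4.3.4", "dev": True, "integrity": "sha512-...",
                               "dependencies": {"ms": "^2.1.2"}},
        "node_modules/ms": {"version": "2.1.3", "dev": True, "integrity": "sha512-..."},
    },
}


def resolve(packages, from_path, name):
    """Node resolution against the lock: <from_path>/node_modules/<name>, then
    the same one nesting level up, until the project root is reached."""
    path = from_path
    while True:
        candidate = f"{path}/node_modules/{name}" if path else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not path:
            return None
        cut = path.rfind("/node_modules/")
        path = path[:cut] if cut != -1 else ""


def production_closure(lock):
    """Map lock path -> depth for every package reachable from the root's
    production (and optional) dependencies; dev-only packages are never visited."""
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm >= 7")
    packages = lock["packages"]
    seen = {}
    queue = deque([("", 0)])
    while queue:
        path, depth = queue.popleft()
        entry = packages[path]
        names = list(entry.get("dependencies", {})) + list(entry.get("optionalDependencies", {}))
        for name in names:
            target = resolve(packages, path, name)
            if target is None or target in seen:  # optional dep not installed, or already visited
                continue
            seen[target] = depth + 1
            queue.append((target, depth + 1))
    return seen


def summarize(lock):
    """Closure size and depth plus two sanity checks on the lock itself."""
    closure = production_closure(lock)
    packages = lock["packages"]
    return {
        "direct": len(packages[""].get("dependencies", {})),
        "closure_size": len(closure),
        "max_depth": max(closure.values(), default=0),
        "missing_integrity": sorted(p for p in closure if "integrity" not in packages[p]),
        "dev_flag_disagreements": sorted(p for p in closure if packages[p].get("dev")),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOCK))
```

Counting the closure rather than the non-`dev` entries matters when a lock has been hand-edited or merged badly: the two numbers should agree, and a package that is reachable from production while flagged `dev` (or the reverse) is a lock worth regenerating before it is used to make any risk decision.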