Insights & Cybersecurity Stories

Stay up-to-date with our latest tips, trends, and best practices in cybersecurity and penetration testing.

GitHub Actions Security Checklist 2026: 25 Controls to Stop CI/CD Supply-Chain Attacks

A pentester-led GitHub Actions hardening checklist for 2026. Twenty-five controls across five categories, anchored on verified CVEs (tj-actions, reviewdog, Ultralytics, Nx s1ngularity, Shai-Hulud), with MITRE ATT&CK mapping and a sprint-by-sprint roadmap.

Web App Security

Arafat Afzalzada · 2026-05-26 | 32 min read

The Kerberos Double Hop Problem Is Not a Problem

A technical deep dive into the Kerberos double hop problem: why WinRM second hops fail, how TGT vs TGS and Windows logon types shape a session's credentials, and the offensive workarounds operators rely on.

Network Security

Arafat Afzalzada · 2026-03-27 | 12 min read

The Dark Side of Next.js Server Actions: How Hidden Actions Can Bypass Your Access Controls

This blog explores a critical security flaw in Next.js Server Actions. It explains how attackers use the next-action header to bypass permissions and provides a comprehensive guide on enforcing server-side authorization to protect your data.

Web App Security

Omar Hamdy · 2026-02-09 | 10 min read

Supabase: Powerful, but One Misconfiguration Away From Disaster

A deep dive into Supabase's critical security flaw: how exposed Anon keys can lead to data disaster. Learn why Row Level Security (RLS) is essential to protect your PostgreSQL database.

Network Security · Web App Security

Omar Hamdy · 2026-01-26 | 8 min read

Build, Clone, Defend: Long-Range RFID Attacks Explained

Learn how we built a portable 125kHz RFID cloner with 1–2m range. Understand real-world risks and discover key strategies to prevent credential cloning.

Social Engineering · Network Security

Arafat Afzalzada · 2025-07-27 | 12 min read

How Gustavo Recovered a Hacked Account on X (formerly Twitter)

Gustavo Roberto, a penetration tester at Stingrai.io, shares how he recovered a hacked X account. Learn the attacker's methods, key recovery steps, and tips to secure your account.

Web App Security

Arafat Afzalzada · 2025-07-11 | 7 min read

Is Flipper Zero a Threat for Organizations?

Explore the Flipper Zero’s capabilities, potential risks, and how to protect your organization from misuse. Learn expert mitigation strategies from Stingrai.io to secure your systems against this versatile hacking tool.

Social Engineering · Network Security

Arafat Afzalzada · 2025-07-11 | 10 min read

PCI-DSS Audit Process: Best Practices

Learn best practices for navigating the PCI-DSS audit process, from scope definition to remediation, ensuring ongoing compliance and data security.

Web App Security · Network Security

Arafat Afzalzada · 2025-06-24 | 8 min read

Adversary Simulation in Telecom: Case Study

Discover how adversary simulation uncovers real-world telecom vulnerabilities. Learn key tactics, results, and remediation strategies to boost network security.

Web App Security · Network Security · Social Engineering

Arafat Afzalzada · 2025-06-24 | 8 min read