Research, field notes, and practitioner perspective
Insights and field notes from real-world penetration tests and security research by the experts at Vilkas.
Showing 31 of 31 total posts
Learn the key differences between a vulnerability scan and a penetration test, and why choosing the right one can make or break your…Learn the key differences between a vulnerability scan and a penetration test, and why choosing the right one can make or break your security.
LDAP signing is a critical but often overlooked setting in Active Directory. This post explains LDAP signing's job, why enforcing it is…LDAP signing is a critical but often overlooked setting in Active Directory. This post explains LDAP signing's job, why enforcing it is essential for AD security, and how to safely configure it.
While making some additions to our in-house penetration testing reporting tool, we started looking into metrics. We decided to review the…While making some additions to our in-house penetration testing reporting tool, we started looking into metrics. We decided to review the most prevalent internal network pentest findings from 2024.
Some of the biggest dangers in Active Directory are default settings that most organizations have never changed. One of the most quietly…Some of the biggest dangers in Active Directory are default settings that most organizations have never changed. One of the most quietly impactful is a setting called ms-DS-MachineAccountQuota.
For practitioners who want to share useful work
Whether you're breaking down a recent pentest or reflecting on a red team engagement, we welcome your insights. Share your tactics, lessons learned, and perspectives with the community.
Learn How to Contribute