Modern web applications rely heavily on automation. Email notifications, document processing alerts, and password recovery workflows are all common features designed to improve usability and stream...

In a true black-box assessment, the engagement begins with minimal information: a target URL and no prior knowledge of the application’s architecture, credentials, or codebase. During a recent enga...

Companies today pour fortunes into building digital fortresses. They deploy robust Web Application Firewalls, obsess over Zero-Trust architectures, and lock down their Identity and Access Managemen...

Sometimes the biggest breaches start with the simplest blind spots. During a recent engagement, we were handed what looked like an ordinary corporate portal, with a clean interface, a standard logi...

In late 2025 and early 2026, the cybersecurity landscape witnessed a disturbing trend involving the mass disclosure of Supabase API keys. This pattern came to a head when our team identified a mass...

A security professional working in the threat hunting domain recently identified a suspicious URL specifically targeting macOS users. The campaign appears to leverage a macOS variant of the well-kn...

Certified Red Team Operator (CRTO 1) – Review and Tips Soham is an experienced Security Consultant specialising in network penetration testing, active directory exploitation, and red teaming. He e...

Overview Punit is a Managing Consultant at Cognisys Group, specialising in application security with a strong focus on offensive security and secure coding practices. With experience spanning mult...

Introduction Hack The Box (HTB) Prolab - Dante offers a challenging and immersive environment for improving penetration testing skills. This is a Red Team Operator Level 1 lab. This lab demands ex...

Overview At Cognisys, our days are filled with uncovering the intricacies of various applications, but some projects stand out due to their complexity and the insights they provide. Recently, we t...