Blog Archives - Page 2 of 7

Living off WinRM: Abusing Complexity in Remote Management

Key Context: What Is LOLBAS Anyway? LOLBAS (Living Off The Land Binaries, Scripts, and Libraries) are legitimate Windows tools and binaries that attackers abuse to perform malicious actions without using custom malware. One of the

Introducing Cardinal AI for Agentic Exposure Management

How do you know if your security program is actively reducing exposure risk? You’ve got a full security stack. Vulnerability findings pile up, but they ignore exposures like cloud misconfigurations and prevention control gaps. You

MCP Defaults Will Betray You: The Hidden Dangers of Remote Deployment

The Model Context Protocol (MCP) enables seamless integration between large language models (LLMs) and external tools. It powers agent-driven workflows in platforms like Claude Desktop and GitHub Copilot. Typically, developers use MCP servers to expose

AI’s Role in Operationalizing Threat Intelligence

Is the “intelligence” in Threat Intelligence actually a misnomer? Intelligence implies analyzing and interpreting raw, unprocessed information to make decisions and solve problems. Information becomes intelligence when it’s actionable. That’s the missing gap with most

The Art of Anomaly Hunting: Learning from Legitimate Patterns for Detection

When writing detections based on threat reports, research blogs or other sources, common sense dictates that we should find a way to alert on the malicious actions as best as possible, ideally using TTPs. This

Vulnerability vs Exposure Management: How Context & Exploitability Clarify True Risk

Traditional vulnerability management is great at telling you what’s broken–just ask the team managing your neverending backlog of vulnerability findings. But it’s not great at incorporating context on your specific threat landscape and attack surfaces.

Detection for CTEM: When One Good Detection Is Worth Dozens of Patches

IT and security teams have been pushed for years: just patch faster. Automate remediation. Chip away at that vulnerability backlog (and do it quickly). But speed isn’t the only problem, context matters too. It’s critical

Compensating Controls for Exposure Management: The Ultimate Guide

In a perfect world, you’d have enough time and resources to address every vulnerability and exposure. You could carefully implement tailored remediations that address specific security gaps. Patches would have little to no impact on

CardinalOps in the Preemptive Exposure Management Gartner Report

Security teams aren’t just asking “are we vulnerable?” anymore. They’re asking, “Where are we exposed…. and what can we do about it before something happens?” That’s the future Gartner lays out in their June 2025

Detection Pitfalls You Might Be Sleeping On

Detection engineering isn’t just about finding bad behavior. It’s about understanding how attackers appear normal—on accident or by design. Some of the most successful evasion techniques don’t involve zero-days or encryption. They rely on you writing

Polymorphic AI Malware: A Real-World POC and Detection Walkthrough

What Is Polymorphic AI Malware? Polymorphic AI malware refers to a new class of malicious software. It leverages artificial intelligence models, such as GPT-based language models, to dynamically generate, obfuscate, or modify its own code

The Analyst Who Cried Malware: Rethinking False Positives and Alert Fatigue

False positives aren’t just annoying. They’re corrosive. Every unnecessary alert chips away at the analyst’s attention span. Every poorly designed rule teaches the SOC to distrust its own tools. Every noisy detection makes it harder