PurpleSec
Where offense meets defense — a living archive of real-world attack paths, Hack The Box pwns, and threat research, built to make defenders think like attackers.
PurpleSec — Cybersecurity Research & Enterprise Defense
Offensive Ops
Full-chain adversary emulation — recon to privilege escalation, modeled on real-world TTPs.
Active Directory
Kerberoasting, NTLM relay, ADCS abuse, delegation, and DCSync — the domain-compromise paths that matter.
Defense & Research
Attacker tradecraft turned into detections, hardening baselines, and SIEM logic for blue teams.
Certifications
Honest exam debriefs and study notes for PNPT, OSCP, CPTS, and CISSP — what actually shows up.
Latest Drop
Featured Intel
Freshly published from the research desk.
Latest Post
Windows 11 26H2: Everything You Need to Know — Features, AI Integration, Security, and the Great Architecture Split
A massively detailed guide to Windows 11 version 26H2 — the fall 2026 annual update. Covers the enablement package delivery model, AI-powered features like Copilot Vision and Click to Do, the 26H1 vs 26H2 architecture split, security hardening with hotpatching, Smart App Control, and Pluton, enterprise migration strategies from Windows 10, and what it all means for IT professionals.
From the blog
Recent Posts
Writeups and research notes, newest first.
Jun 23, 2026 - Windows 11 26H2: Everything You Need to Know — Features, AI Integration, Security, and the Great Architecture Split
Jun 21, 2026 - The Anatomy of a Botnet: History, Architecture, and the Botnet Economy
Jun 21, 2026 - Wi-Fi Snitching: How Microsoft Teams' New Auto-Detect Feature Works (And How to Opt-Out)
Jun 21, 2026 - RoguePlanet: Deep Dive into the Microsoft Defender TOCTOU Zero-Day (CVE-2026-50656)
Jun 20, 2026 - An AI Agent Is an Identity — and Most Organizations Don't Treat Them That Way
Jun 17, 2026 - The Great Telegram Lockdown: Exam Leaks, Timestamp Forgery, and the Global War on Moderation
Jun 16, 2026 - Deep Dive: CVE-2025-57819 - Critical RCE in Sangoma FreePBX
Credentials
Certifications
Validation that the methodology holds up under pressure.

PNPT
Practical Network Penetration Tester
Certified
Anthropic
Claude Code in Action
Certified
Securiti
AI Security & Governance
Certified

AZ-104
Azure Administrator Associate
Certified

SC-300
Identity and Access Administrator
Certified
OSCP
Offensive Security Certified Professional
In Progress
Ethos
Words to Hack By
Let's talk security.
Building something, breaking something, or hardening something? I'm always up for a sharp conversation on offensive tradecraft, detection engineering, or where the industry is heading next.