Research & Insights

Security Blog

Vulnerability research, technical deep dives, and offensive security insights from the Atvik team.

ResearchMarch 27, 2026

Kerberos Relay via CNAME Abuse: Reproducing CVE-2026-20929 in GOAD

We reproduced the Kerberos CNAME relay attack (CVE-2026-20929) in a GOAD lab and dumped SAM hashes across domain boundaries. Pure Kerberos, zero NTLM. Here is how it works, the issues we hit, and what it means for your environment.

Read article

ResearchFebruary 25, 2025

CVE-2025-1648 | Yawave Plugin Unauthenticated SQL Injection

Security analysis of a critical SQL injection vulnerability in the Yawave WordPress plugin, including technical breakdown and remediation guidance.

Security AdvisoryOctober 17, 2024

CUPS Vulnerability: What You Need to Know

Understanding the CUPS printing system vulnerability and how to protect your systems from this widespread Linux attack vector.

Cloud SecurityOctober 17, 2024

Unveiling the Most Common AWS Security Misconfigurations

A comprehensive guide to identifying and fixing common AWS security issues that leave organizations exposed.

KubernetesOctober 17, 2024

Kubernetes Security: Safeguarding Cloud-Native Workloads

A thorough guide for safeguarding your cloud-native workloads in Kubernetes environments, from RBAC to network policies.

AI SecurityOctober 17, 2024

Safeguarding Against LLM Prompt Injection

Understanding and mitigating prompt injection attacks in large language model applications — the emerging attack surface of AI.

AIOctober 17, 2024

Running a Local LLM AI: Ollama

Guide to running large language models locally using Ollama for enhanced privacy and control over your AI infrastructure.