JetBrains TeamCity: Pre-Auth RCE and CI/CD Takeover
Authentication bypass in TeamCity leads to complete CI/CD pipeline compromise. Our analysis covers the vulnerability mechanics, exploitation path, and why this is a prime supply chain target.
Our research team discovers, analyzes, and publishes original security research — from zero-day vulnerabilities and CVE deep-dives to threat actor tracking and supply chain analysis.
Deep-dive vulnerability analysis, threat intelligence reports, and original exploit research from the Strobes security team.
Using passive DNS, certificate transparency logs, and JARM fingerprinting to map APT29 command-and-control infrastructure across 47 autonomous systems.
Mass exploitation of ConnectWise ScreenConnect auth bypass. We analyze the vulnerability, track active exploitation campaigns, and provide detection rules for SOC teams.
Investigating a real-world dependency confusion campaign targeting internal package names. Includes detection methodology, scope assessment framework, and remediation playbook.
Our automated approach to finding and validating dangling DNS records across enterprise attack surfaces. Covers CNAME, NS, and MX-based takeover vectors with real-world case studies.
Exploiting the Jenkins CLI args4j vulnerability for arbitrary file read, then escalating to remote code execution through credential extraction. Full kill chain analysis with YARA rules.
Technical analysis of LockBit 3.0 internals — encryption routines, anti-analysis techniques, lateral movement patterns, and EDR evasion. Includes MITRE ATT&CK mapping.
Path traversal vulnerability in Fortra GoAnywhere MFT allows unauthenticated attackers to create admin accounts. We detail the root cause, exploitation mechanics, and mass scanning results.
Security engineers and researchers who drive original vulnerability discovery and threat intelligence at Strobes.
CTO
Head of Research
Head of Security
Strobes platform customers get research-grade threat intelligence integrated directly into their exposure management workflow.