Explore the world
of Cybersecurity

  • EU Directives

    DORA regulation and the TLPT testing methodology

    The European DORA Regulation marks a turning point for the financial sector, introducing stringent requirements to ensure digital operational resilience and the ability to effectively manage cyber incidents. Among the new features, Delegated Regulation (EU) 2025/1190 defines the technical and methodological standards for the adoption of Threat-Led Penetration Testing (TLPT), reinforcing the structured approach to security testing based on real threats.

  • EU Directives

    NIS2 and 2026 deadlines: why offensive security has become a strategic requirement

    2026 is a turning point for the NIS2 Directive: from this year, the operational obligations, the Authority's controls, and the first checks on organizations' actual level of security come fully into force. Offensive Security is the key tool for demonstrating compliance and resilience.

  • Case Study

    Physical Red Teaming: Betrusted is not only digital, but also physical

    In this case study, we will tell you how we organised Physical Red Teaming activities at the ACME company buildings located in the centre of Clerville.

  • Application security - Case Study

    Red Teaming LLMs with Evolving Prompts

    LLM attacks taxonomy: When approaching the offensive security side of large language models, three terms frequently surface: prompt injection, jailbreak, and evasion. They’re most often used interchangeably, but they actually describe distinct attacker goals and also rely on different Tactics, Techniques and Procedures (TTPs). Understanding the differences is essential both for building secure systems and […]

  • EU Directives

    Betrusted obtains ISO 27001 certification

    We are proud to announce that on 17 July 2025, we obtained ISO 27001 certification, the international standard that defines best practices for information security management.

  • Case Study - Phishing

    How we bypassed a popular email threats protection solution

    In this article we describe how we bypassed a popular Email Threat Protection solution using phishing techniques that exploited the limitations of AS Patterns.

  • Penetration Test

    When Java Web Start won’t listen: bending a JNLP app to your proxy

    Pentesting isn’t always about sleek tools and shiny APIs. I recently faced a legacy Java Web Start app hidden behind a VPN-accessed PAM portal—and it flat-out ignored all my proxy settings. Neither JVM flags nor OS-level variables worked, and to make matters worse, it was running on Windows. By forcing proxy usage at the socket level and decoding both Fast Infoset and Java-serialized SOAP, I managed to break through the layers and uncover serious client-side trust flaws.

  • Application security - EU Directives

    NIS2 Directive: The Second Phase of the Implementation Process Begins

    On April 10, 2025, the National Cybersecurity Agency (NCA) launched the second phase of the NIS2 Directive implementation process, notifying organizations that registered in the first phase of the classification assigned to them. Based on over 30,000 registrations, NCA identified more than 20,000 organizations in Italy as NIS entities. Among them, over 5,000 have been classified as essential entities. In this article, I’ll clarify the notifications, what they contain, and the timelines for the organizations involved.
