Explore the world
of Cybersecurity

  • Penetration Test

    Performing NTLM relay attacks against AD CS in ESC8 scenarios by exploiting RBCD

    In this article, I analyse an end-to-end attack chain that combines relaying to AD CS, authentication coercion via PetitPotam, and the exploitation of Resource-Based Constrained Delegation (RBCD). I will show you how these techniques can be chained together to impersonate privileged accounts and compromise the Domain Controller, whilst also exploring the role of U2U and S4U in the final stages of the attack.

  • Application security

    Security by Design: why it is essential in 2026

    By 2026, Security by Design will no longer be optional. The data shows a steady rise in vulnerabilities, cyberattacks and data breaches. Taking action ‘after the event’ is no longer enough to protect systems and data, and without a cross-functional approach, any security strategy will be incomplete.

  • EU Directives

    DORA regulation and the TLPT testing methodology

    The European DORA Regulation marks a turning point for the financial sector, introducing stringent requirements to ensure digital operational resilience and the ability to effectively manage cyber incidents. Among the new features, Delegated Regulation (EU) 2025/1190 defines the technical and methodological standards for the adoption of Threat-Led Penetration Testing (TLPT), reinforcing the structured approach to security testing based on real threats.

  • EU Directives

    NIS2 and 2026 deadlines: why offensive security has become a strategic requirement

    2026 marks a turning point for the NIS2 Directive: from this year onwards, operational obligations, regulatory oversight and the first assessments of organisations’ actual security levels will come into full effect. Offensive Security is the key tool for demonstrating compliance and resilience.

  • Case Study

    Physical Red Teaming: Betrusted is not only digital, but also physical

    In this case study, we will tell you how we organised Physical Red Teaming activities at the ACME company buildings located in the centre of Clerville.

  • Application security - Case Study

    Red Teaming LLMs with Evolving Prompts

    LLM attacks taxonomy: When approaching the offensive security side of large language models, three terms frequently surface: prompt injection, jailbreak, and evasion. They’re most often used interchangeably, but they actually describe distinct attacker goals and also rely on different Tactics, Techniques and Procedures (TTPs). Understanding the differences is essential both for building secure systems and […]

  • EU Directives

    Betrusted obtains ISO 27001 certification

    We are proud to announce that on 17 July 2025, we obtained ISO 27001 certification, the international standard that defines best practices for information security management.

  • Case Study - Phishing

    How we bypassed a popular email threats protection solution

    In this article we describe how we bypassed a popular Email Threat Protection solution using phishing techniques that exploited the limitations of AS Patterns.
