Research
Original offensive security research, threat intelligence, and vulnerability analysis from OCIC Research.
6 results
Breaking Authentication in Modern Web Applications
A systematic walkthrough of authentication bypass techniques in modern web stacks — from JWT confusion to session fixation and OAuth state abuse.
Read Research
Shadow Infrastructure at Scale
How threat actors build, rotate, and disguise operational infrastructure at scale — and the fingerprinting techniques we use to track it.
Read Research
A Deep Dive into LNK File Attacks
LNK files remain a reliable initial-access vector. We dissect current APT campaigns abusing Windows shortcut files and document detection opportunities.
Read Research
Abusing OAuth Flows for Account Takeover
Practical exploitation of common OAuth 2.0 misconfigurations that lead to account takeover, covering state parameter bypass, redirect URI abuse, and token leakage.
Read Research
Cloud Misconfigurations in the Wild
A survey of high-impact cloud misconfigurations observed across AWS, Azure, and GCP environments — ranked by exploitability and blast radius.
Read Research
Tracking APT Campaigns with Open Source Tools
A field guide to infrastructure correlation, TTP mapping, and attribution using fully open-source tooling — no commercial threat intel subscriptions required.
Read ResearchExplore More
Discover our capabilities, products, and knowledge resources.