Blog

Notes from the attack team.

Field notes on red teaming, pentesting, TIBER/DORA and offensive security training.

Attackers’ Truth: Adapting the Storm-2949 Cloud Breach for Red Teaming

In February 2026, a critical manufacturing organization was compromised not by zero-day malware, but by their own cloud architecture.

Johannes Schoenborn · Jul 7, 2026

Cybersecurity Breakfast Session together with the Austiran Business Council, Netherlands Business Council and the German Emirati Joint Council for Industry & Commerce

Speaking at the recent Austrian Business Council UAE cybersecurity event reinforced a critical market reality. The region is building the future, but foundational security is trailing behind the pace of innovation.

Johannes Schoenborn · Jul 6, 2026

One-Off vs. Managed Pentesting: What Financial Institutions Must Know

Banks and large enterprises are not defined by a single website or mobile app. A modern financial institution might operate hundreds of interconnected services – from customer-facing portals to backend APIs, building management systems, and even IoT-based C…

Johannes Schoenborn · Jul 26, 2025

Pandas, Bears and Threat Actors: Why Red Teaming Goes Beyond CVEs

Why are there a panda and a bear in our current social media banners? They are not random mascots – they represent real-world threat actors (e.g., China-based APT “Panda” groups and Russian “Bear” groups) that define modern cyber conflict. Each has its own…

Johannes Schoenborn · Jul 23, 2025

We have security solution X, do we even need a pentest?

" We already run Vectra and CrowdStrike — do we still need pentests? " This caught me a bit off-guard.

Johannes Schoenborn · Jun 20, 2025
Full archive on blog.xplt.com