Blog and Knowledge
Insights from ethical hackers on the front lines of cybersecurity. Practical guidance, threat intelligence, and lessons learned from real security engagements.
What is CEO Fraud? Executive Impersonation Attacks Explained for Finance Teams
CEO fraud is a targeted form of Business Email Compromise where criminals impersonate senior executives to trick finance or HR staff into making urgent payments or sharing sensitive data. This guide explains how the attacks work, why they succeed, and which concrete procedures reliably stop them in 2026.
Am I Hacked? 10 Warning Signs and What to Do Next
Think you might be hacked? Learn the 10 most reliable warning signs of compromise, the first 5 actions to take in order, and when to call professional incident response support.
What is Smishing?
Smishing is phishing via SMS or WhatsApp. This article explains what smishing is, why it works so well, typical attack scenarios, and how companies protect their employees with simulations, processes and awareness training.
What is Social Engineering?
Social engineering is the most effective attack technique in modern cybercrime because it targets people instead of systems. This article explains what social engineering is, the main variants, why it works so well, and what companies can concretely do to make their people resilient.
What is Phishing?
Phishing does not succeed because of technology, but because of timing, context and human reflex. This article explains what phishing is, which types exist and how companies reduce successful attacks.
Red Teaming: When Your Organisation Needs More Than a Pentest
A penetration test tells you where vulnerabilities exist. A red team exercise tells you whether your organisation can detect, contain, and respond to a real attack. This guide explains what red teaming is, when you need it, and how it differs from a standard pentest.
Prompt Injection Explained: How Attackers Manipulate Your AI Systems
Prompt injection is the most common attack against AI systems in production. This guide explains how it works, why standard security controls miss it, and what you can do to reduce the risk before the EU AI Act deadline hits.
Social Engineering Assessment: What We Test and Why It Matters
Phishing filters and endpoint protection stop most automated attacks. Social engineering targets the one thing no filter can block: your people. This guide explains what a social engineering assessment tests, how each technique works, and what your organisation learns from it.
How to Solve Phishing Structurally: Identity, Telecom and Payments
Phishing keeps working because the underlying systems still allow impersonation. This article looks at identity, telecom and payment-side controls in the EU and shows which interventions actually reduce damage structurally.
Security Awareness Training: Why It Matters and How to Build a Programme That Works
Most breaches start with human error. Security awareness training reduces that risk, but only if it goes beyond annual e-learning. This guide covers what works, what does not, and how to build a programme your staff will actually remember.
AI, NIS2, and the EU AI Act: What Security and Compliance Teams Need to Do Before August 2026
NIS2, the EU AI Act, and DORA now converge on organisations deploying AI. This guide maps where the three frameworks overlap, what security and compliance teams need to deliver before August 2026, and how a single integrated assessment can satisfy all three.
EU AI Act: What does it mean for your Security and Compliance in 2026?
The EU AI Act will take full effect in August 2026 and requires organizations to ensure AI systems are secure, transparent, and controllable. This article explains what it means for security, risk management, governance, and compliance, and how to prepare.
Incident Response Plan: What to Do in the First 72 Hours After a Cyberattack
NIS2 and DORA require you to report significant incidents within 24 hours. Most organisations have no plan for the first 72 hours. This guide covers what an incident response plan must contain, who does what, and how to meet your regulatory reporting obligations under pressure.
Penetration Testing in the EU: What You Need to Know in 2026
NIS2, DORA, the EU AI Act, and ISO 27001 all require security testing. This guide explains what each regulation demands, where they overlap, and how to build one testing programme that satisfies all four.
NIS2 Penetration Testing Checklist: What your auditor really wants to see in 2026
Discover which penetration testing and security testing auditors really expect for NIS2 compliance across Belgium, the Netherlands and the EU. Includes a practical checklist, audit pitfalls and concrete steps to become provably compliant and audit-ready.
AI Systems Penetration Testing: How to Test the Security of an AI System
AI systems introduce attack surfaces that standard penetration testing does not cover. This guide explains how to test the security of an AI system, what the EU AI Act requires, and how AI pentesting differs from conventional application security testing.
Cyber Insurance in 2026: What Insurers Require and How a Pentest Helps
Cyber insurers are tightening requirements. Organisations without documented security testing, MFA, and incident response plans are facing higher premiums or outright exclusions. This guide explains what insurers actually assess and how a penetration test strengthens your position.
MCP Security: the new attack chain targeting AI Tools
The Model Context Protocol (MCP) creates a new attack surface for AI agents and internal tools. Discover how attackers exploit MCP and how to protect your organization with AI security testing.
How much does a Pentest cost? Realistic Security Costs in Belgium, the Netherlands and the EU
Discover what a pentest really costs in 2026. See realistic EU price ranges, key cost drivers, and how pentesting supports compliance with NIS2, DORA and others.
Pentest Checklist: what should you include in a Pentest engagement?
Complete pentest checklist for companies. Learn what to include in a pentest engagement to test real risks and avoid critical blind spots.
What does a Hacker really do? From OSINT to Pentesting
Hackers work deliberately, starting with public information and human behavior. This article shows how OSINT and realistic pentesting safely reveal how attackers would approach a company.
What do we mean by effective Security Awareness?
Effective security awareness goes beyond knowing what phishing is. It is about how employees in companies respond under pressure, dare to report mistakes, and make the right decisions in realistic situations.
How to prevent Business Email Compromise (BEC): a Practical Guide
Business Email Compromise (BEC) is a targeted scam where attackers impersonate executives or suppliers. Learn practical steps like MFA, verification procedures, and phishing testing to reduce risk.
Phishing Awareness: Practical Risk Reduction for Your Team
Phishing awareness is a key part of cybersecurity awareness training. Phishing attacks exploit human behaviour through social engineering techniques such as appeals to urgency, authority, and trust.
What is a full-scope Pentest?
A full-scope pentest by ethical hackers demonstrates how a company can be truly attacked. Far more than automated scans alone: abuse scenarios, business logic flaws, attack chains, and clear, actionable reporting.
What is Red Teaming?
Red teaming has moved from niche cybersecurity practice into the regulatory mainstream. This article explains what red teaming actually is, the six techniques red teamers use, how engagements unfold, three concrete examples, and which sectors should treat red teaming as essential rather than optional.
API Security Testing: Why Your APIs Are Your Weakest Link
APIs are the fastest-growing attack surface in modern applications. Most organisations test their web interfaces but leave their APIs inadequately assessed. This guide explains what API security testing covers, why APIs are disproportionately vulnerable, and what findings to expect.
Web Application Penetration Testing: What Gets Tested and What It Reveals
A web application penetration test goes beyond automated scanning. Human testers chain vulnerabilities, test business logic, and find what scanners miss. This guide explains what a web application pentest covers, how it differs from a vulnerability scan, and what findings to expect.
The Rise of AI-Powered Attacks: What Ethical Hackers Are Seeing
Attackers are leveraging AI to craft more convincing phishing emails and automate reconnaissance. Here's what organisations should watch for.
Annual Pentest or PTaaS? A Realistic Cost Comparison
Should you choose an annual pentest or PTaaS with continuous security validation? This article compares costs, ROI and practical differences, helping companies make a realistic, risk-based decision.
Physical Penetration Testing: What Testers Actually Find Inside Your Building
Physical penetration testing tests whether the physical controls protecting your systems, data, and people actually work. Locked doors and access card systems fail more often than organisations expect. This guide explains what physical penetration testing covers and what assessors consistently find.
Why Ethical Hacking makes companies stronger: 5 concrete benefits
Ethical hacking gives companies insight into real attack paths, helps set the right priorities, and reduces incident risk. Discover 5 concrete benefits and how an ethical hacker strengthens your security.
Penetration Testing vs. Vulnerability Scanning: Know the Difference
Many organisations confuse automated scanning with real penetration testing. We explain the differences and when you need each approach.
Cloud Security Assessment: What Gets Reviewed and What Assessors Consistently Find
Cloud misconfigurations are among the most common causes of data breaches. Most organisations have a well-tested on-premises environment and an undertested cloud environment. This guide explains what a cloud security assessment covers and what assessors consistently find.
Building a Security-Aware Culture: Beyond Annual Training
Compliance checklists alone do not make an organisation secure. Policies, tools, and one-off training sessions help, but they do not change behaviour.
Zero Trust Security: What It Actually Requires and How to Test It
Zero Trust means no user, device, or connection is trusted by default. This guide explains what Zero Trust actually requires in practice, how it maps to NIS2, and how penetration testing reveals whether your controls work as intended.
Social Engineering in the Remote Work Era
Social engineering remains one of the most effective attack methods because it targets human behaviour. The shift to remote work has expanded both the attack surface and the need for stronger employee security awareness.
Security Awareness on Wheels
Our exciting Security Escape Truck brings cybersecurity awareness directly to your doorstep, offering a unique combination of learning and collaboration.
Understanding NIS2: What European Organizations Need to Know
The NIS2 directive expands cybersecurity requirements across the EU. Learn what's changing and how to prepare your organization for compliance.