
Blog


By Luca

Introduction To Red Teaming

Jun 26, 2018

When a company is in the process of proactively improving its security posture, there are various services and standards that can help. Continue reading

By Valeria

Security Testing - How to Choose the Right Provider

Jun 13, 2018

In our previous blog, we discussed the rising importance of security testing, and in particular red teaming, to mitigate the plethora of risks associated with managing your data in today’s digital world. Continue reading

By Valeria

Cyber Security – Are You Seeing Red?

Jun 11, 2018

Based on our experience over the last year, companies large and small are ramping up their security testing measures – and this comes as no surprise given the scale of the threats facing businesses in the digital era. Continue reading

By Antonio

Fun with SQL Injection using Unicode Smuggling

May 02, 2018

During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server. Continue reading

By Guy

What is the difference between ISO 27001 and ISO 27002?

Apr 25, 2018

In short, ISO 27001 is the standard for implementing an Information Security Management System (ISMS) that companies are certified against. Continue reading

By Nick

OWASP Top 10 2017 Final Release Review

Apr 19, 2018

Back in May 2017, I reviewed the release candidate (RC1) version of OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017, which, as stated within the previous blog entry, has eventually been rejected. Continue reading

By Robin

Active Directory Password Auditing Part 2 - Cracking the Hashes

Mar 20, 2018

In part 1 we looked at how to dump the password hashes from a Domain Controller using NtdsAudit. Continue reading

By Gina

How to Spot Phishing Email Attacks

Nov 17, 2017

Social engineering attacks are becoming increasingly popular amongst attackers, as a strategy to breach companies. Continue reading

By Antonio

Quick Comparison Between iOS and Android Encryption

Nov 13, 2017

Encryption in mobile devices is tricky and often developers do not fully understand the mechanisms that iOS and Android, the most common operating systems for mobile devices, provide to ensure data stored on the devices remains relatively secure. Continue reading

By Daniel

PostgreSQL 9.x Remote Command Execution

Oct 26, 2017

During a recent penetration test I was able to gain access to a PostgreSQL 9.0 service. Continue reading
