By Nick

OWASP Top 10 2017 Final Release Review

Apr 19, 2018

Back in May 2017, I reviewed the release candidate (RC1) version of the OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017, which, as stated within the previous blog entry, has eventually been rejected.

By Robin

Active Directory Password Auditing Part 2 - Cracking the Hashes

Mar 20, 2018

In part 1 we looked at how to dump the password hashes from a Domain Controller using NtdsAudit.

By Gina

How to Spot Phishing Email Attacks

Nov 17, 2017

Social engineering attacks are becoming increasingly popular amongst attackers as a strategy to breach companies.

By Antonio

Quick Comparison Between iOS and Android Encryption

Nov 13, 2017

Encryption in mobile devices is tricky, and developers often do not fully understand the mechanisms that iOS and Android, the most common operating systems for mobile devices, provide to ensure data stored on the devices remains relatively secure.

By Daniel

PostgreSQL 9.x Remote Command Execution

Oct 26, 2017

During a recent penetration test I was able to gain access to a PostgreSQL 9.0 service.

By Wes

Discovering Sensitive Information in File Shares

Oct 05, 2017

When carrying out internal penetration testing engagements, one of the first areas a penetration tester will focus on is identifying which shares are accessible to low-privileged domain users or anonymous users in the hope of finding sensitive inf

By Marius

Active Directory Password Auditing Part 1 - Dumping the Hashes

Oct 02, 2017

One of the recurring issues in our internal penetration tests is inadequate password management, which in most cases leads to a fast takeover of the Active Directory (AD) domain.

By Dougie

Scanning IPv6 Networks

Sep 22, 2017

As a networking student, I remember reading about IPv6 and its imminent introduction on more than one occasion.

By Guy

Changes to the Cyber Essentials Questionnaire

Sep 15, 2017

A new version of the CREST Cyber Essentials questionnaire (part of the Cyber Essentials assessment) has been made available by CREST, with a grace period until September the 28th 2017 for using the older version for submissions.

By Matt

Do You WannaCry? A Taste of SMB Exploitation

Sep 08, 2017

On Friday, 12th May 2017, an unprecedented ransomware attack, named WannaCry, infected more than 230,000 computers in 150 countries and a nu