• Oxford: +44 (0)1865 877830 
  • Manchester: +44 (0)161 713 0176 
  • Edinburgh: +44 (0)131 541 0118 
  • New York: +1 646-781-7580 
  • Bucharest: +40 316 301 707 
  • Tokyo: +81 (3) 4588 8181 

Blog

You are here

By Wouter

Cisco ASA Firewall Hardening

Jul 25, 2018

Introduction I have conducted numerous firewall review for various types of organisations over the years. A common theme observed during these reviews is that most organisations do not have a firewall hardening procedure and/or do not conduct a regular firewall review which covers user accounts, exposed administrative interfaces, patch management and review of firewall rules. This article provides a guide or references other articles for hardening Cisco ASA firewalls and addressing the most common vulnerabilities observed during these firewall reviews. Continue reading

By Luca

Introduction To Red Teaming

Jun 26, 2018

When a company is in the process of proactively improving security posture, there are various services and standards that comes into help. Continue reading

By Valeria

Security Testing - How to Choose the Right Provider

Jun 13, 2018

In our previous blog, we discussed the rising importance of security testing, and in particular red teaming, to mitigate the plethora of risks associated with managing your data in today’s digital world. Continue reading

By Valeria

Cyber Security – Are You Seeing Red?

Jun 11, 2018

        Based on our experience over the last year, companies large and small are ramping up their security testing measures – and this comes as no surprise given the scale of the threats facing businesses in the digital era. Continue reading

By Antonio

Fun with SQL Injection using Unicode Smuggling

May 02, 2018

During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server. Continue reading

By Guy

What is the difference between ISO 27001 and ISO 27002?

Apr 25, 2018

In short, ISO 27001 is the standard for implementing an Information Security Management System (ISMS) that companies are certified against. Continue reading

By Nick

OWASP Top 10 2017 Final Release Review

Apr 19, 2018

Back in May 2017, I reviewed the release candidate (RC1) version of OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017, which as stated within the previous blog entry, has been eventually rejected. Continue reading

By Robin

Active Directory Password Auditing Part 2 - Cracking the Hashes

Mar 20, 2018

In part 1 we looked how to dump the password hashes from a Domain Controller using NtdsAudit. Continue reading

By Gina

How to Spot Phishing Email Attacks

Nov 17, 2017

Social engineering attacks are becoming increasingly popular amongst attackers, as a strategy to breach companies. Continue reading

By Antonio

Quick Comparison Between iOS and Android Encryption

Nov 13, 2017

Encryption in mobile devices is tricky and often developers do not fully understand the mechanisms that iOS and Android, the most common operating systems for mobile devices, provide to ensure data stored on the devices remains relatively secure. Continue reading

Pages