• Oxford: +44 (0)1865 877830 
  • Manchester: +44 (0)161 713 0176 
  • Edinburgh: +44 (0)131 541 0118 
  • New York: +1 646-781-7580 
  • Bucharest: +40 316 301 707 
  • Tokyo: +81 (3) 4588 8181 

Blog

You are here

By Daniel

PostgreSQL 9.x Remote Command Execution

Oct 26, 2017

During a recent penetration test I was able to gain access to a PostgreSQL 9.0 service. Continue reading

By Wes

Discovering Sensitive Information in File Shares

Oct 05, 2017

When carrying out internal penetration testing engagements, one of the first areas a penetration tester will focus on is identifying which shares are accessible to low privileged domain users or anonymous users in the hope of finding sensitive inf Continue reading

By Marius

Active Directory Password Auditing Part 1 - Dumping the Hashes

Oct 02, 2017

One of the recurring issues in our internal penetration tests is inadequate password management, which in most cases leads to a fast takeover of the Active Directory (AD) domain. Continue reading

By Dougie

Scanning IPv6 Networks

Sep 22, 2017

As a networking student I remember reading about IPv6 and its imminent introduction on more than one occasion. Continue reading

By Guy

Changes to the Cyber Essentials Questionnaire

Sep 15, 2017

A new version of the CREST Cyber Essentials questionnaire (part of the Cyber Essentials assessment) has been made available by CREST, with a grace period of until September the 28th 2017 for using the older version for submissions. Continue reading

By Matt

Do You WannaCry? A Taste of SMB Exploitation

Sep 08, 2017

On Friday, 12th May 2017, an unprecedented ransomware attack, named WannaCry infected more than 230,000 computers in 150 countries and a nu Continue reading

By Thanat

Analysing Java Stack Traces and Determining the Open Source Software Version

Aug 08, 2017

Stack traces are commonly used for debugging purposes by software developers in order to find what went wrong in the application they are developing. Continue reading

By Robin

Reposcanner

Aug 02, 2017

Reposcanner is a Python script designed to scan Git repositories looking for interesting strings, such as API keys or hard-coded passwords, inspired by Continue reading

By Thanat

Umbraco Forms Local File Inclusion

Jul 31, 2017

In a recent engagement, I was working on a fairly secure website and I came across an interesting Umbraco content management system (CMS) package called Umbraco Forms. Continue reading

By Mike

An introduction to Dionach’s Ransomware Readiness Review

Jun 30, 2017

With the recent Ransomware WannaCry attack hitting a big public sector organisation like NHS which was made public by the media, everyone is now paying extra attention to information security. Continue reading

Pages