Blog

04 Jun

Minimising the Risks of Using Flash

Flash is well known within the cyber security industry for its long history of security vulnerabilities as well as functionality flaws. However, it is impossible to completely uninstall Flash, as the plugin has been integrated in both Internet Explorer and Microsoft Edge, which are core applications that come with Windows builds. Therefore, the purpose of this blog post is to provide possible solutions for organisations to minimise the risks of having Flash.

20 May

Moodle Jmol Plugin Multiple Vulnerabilities

In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.

29 Apr

Common Mistakes with PCI DSS Compliance

I've been a PCI Qualified Security Assessor (QSA) for PCI DSS requirements for some years, and I have detailed some of the more common mistakes I encounter whenever discussing PCI DSS with organisations, be they business owners, website developers, or service providers.

25 Mar

Compromising Jira Externally to Get Internal Network Access

In a recent external network engagement, which had a fairly large number of external services, I found a Jira login page available on the client's external network.

20 Feb

From Internal Web Application To Domain Admin

In a recent internal network penetration test I found a slightly less conventional route to get domain administrator privileges. This type of attack is certainly not new, but it shows how thinking outside the box plays a crucial part when it comes to penetration testing.