Blog

19 Apr

OWASP Top 10 2017 Final Release Review

Back in May 2017, I reviewed the release candidate (RC1) version of the OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017, which, as stated in the previous blog entry, was eventually rejected.

20 Mar

Active Directory Password Auditing Part 2 - Cracking the Hashes

In part 1 we looked at how to dump the password hashes from a Domain Controller using NtdsAudit. Now we need to crack the hashes to get the clear-text passwords.

17 Nov

How to Spot Phishing Email Attacks

Social engineering attacks are becoming increasingly popular amongst attackers as a strategy to breach companies. Verizon carried out a study on social engineering attacks and found that over 43% of documented breaches involved some form of social engineering attack.

13 Nov

Quick Comparison Between iOS and Android Encryption

Encryption in mobile devices is tricky and often developers do not fully understand the mechanisms that iOS and Android, the most common operating systems for mobile devices, provide to ensure data stored on the devices remains relatively secure.

26 Oct

PostgreSQL 9.x Remote Command Execution

During a recent penetration test I was able to gain access to a PostgreSQL 9.0 service.
