• Oxford: +44 (0)1865 877830 
  • Manchester: +44 (0)161 713 0176 
  • Edinburgh: +44 (0)131 541 0118 
  • New York: +1 646-781-7580 
  • Bucharest: +40 316 301 707 
  • Tokyo: +81 (3) 4588 8181 

Blog

You are here

07

Apr

Easily Remove Unwanted HTTP Headers in IIS 7.0 to 8.5

The StripHeaders module is a Native-Code module for IIS 7.0 and above, designed to easily remove unnecessary response headers and prevent information leakage of software and version information, which can be useful to an attacker.

28

Mar

Reproducing an Umbraco Remote Code Execution Vulnerability

During a recent penetration test I came across a website running Umbraco CMS (https://umbraco.com/). Umbraco is an open source content management system for publishing content on the World Wide Web and intranets. It is written in C# and deployed on Microsoft based 

17

Mar

Verifying PCI DSS Scope: Hunting for Credit Card Numbers

PCI DSS requires that the scope of assessment must be checked to make sure the scope is accurate. This check must also be carried out every year.

28

Feb

Physical Intrusion Social Engineering

Social engineering is a service that my team and I get involved in on a fairly frequent basis. While for the most part this involves remotely trying to convince targets to click on links in emails, browse to fake login pages, download carefully constructed files which lead to 

17

Feb

PowerShell in Forensic Investigations

This is meant to be a short post about PowerShell as an aid in forensic investigations. We will not dive into what a proper forensic investigation looks like, we will just assume that somehow we have access to the compromised machine (a Windows Server 2012 R2 VM was used for our tests) -or a copy of it

Pages