Lucene search
K
PentestpartnersMost viewed

506 matches found

Pen Test Partners Blog
Pen Test Partners Blog
added 2024/09/12 5:16 a.m.13 views

Living off the land, GPO style

TL;DR The ability to edit Group Policy Object GPOs from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/09/10 5:15 a.m.13 views

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Introduction This guide covers the security of smart home security products from Ring, Yale, Swann, and SimpliSafe. Whether you're looking to monitor your property remotely, enhance your home's security, or see who’s at the front door, this guide will provide you with valuable insights. We have...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/08/12 5:3 a.m.13 views

Living off the land with Bluetooth PAN

TL:DR Bluetooth is enabled by default on the majority of Windows laptops Bluetooth PAN can be used to bridge connections locally between a client laptop and attacking device Attackers can use Microsoft native SSH client to forward out internal network traffic Windows native SSH is accessible to...

7.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/06/21 5:11 a.m.13 views

Dodgy disks. My 32TB SSD Adventure

TL;DR "Hard drive” had reflashed firmware to make it look larger Buyer beware: Cheap storage may not be the value you think it is Background Earlier this year I found myself in need of various cheap electronic components. So naturally I turned to AliExpress. I came across a listing for a cheap...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/05/09 5:21 a.m.13 views

Pipedream ICS malware toolkit is a nightmare

TL;DR Malware toolkit specifically designed for attacking ICS Modular and framework based Main features are enumeration, Modbus comms, and HTTP interactions Operational Technology OT network breaches are often due to connected Windows devices Off-network compromise assessments give a strategic vi...

7.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/07/12 5:53 a.m.13 views

Stop using phishing as a measure of your cyber awareness culture

If I had a penny for every time someone said to me “let’s measure our security culture by phishing our staff” I’d probably be able to fill my car up. It’s a really easy thing to do, you carry out some online training and typically they come with phishing simulations as a free or low cost add on. ...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/03/21 6:31 a.m.13 views

To Pay or Not to Pay? That is the Ransomware question

During a review of a client’s incident response capabilities the discussion turned to ransomware and strategies for handling it. The client’s board-level view was that if they were unable to restore their systems they would pay-up. They’d gone so far as considering setting up a cryptocurrency...

Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/05/16 5:30 a.m.12 views

VNC. RDP for all to see

TL;DR VNC still remains in some legacy environments due to legacy deployments and ease of use. Without proprietary extensions, VNC transmits data without encryption, making credential theft through packet sniffing possible. The captured challenge and response between a VNC client and server can...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/04/09 5:52 a.m.12 views

Don’t use corporate email for your personal life

TL;DR People use whatever is convenient. Segregation of work and personal matters is a key part of security. Using corporate addresses tramples on this separation. Corporate email addresses should be treated with the same care as sensitive corporate information. Create an Acceptable Use Policy th...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/03/24 6:29 a.m.12 views

The first 24 hours of a cyber incident. A practical playbook

TL;DR The first 24 hours after a cyber incident are critical for containment and recovery. Small and medium-sized businesses SMBs often lack resources, but swift action is still possible. This playbook provides clear steps to follow in the heat of a breach: who to contact, what to do, and how to...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/03/19 6:13 a.m.12 views

Cybersecurity communities. Small hacker groups, big impact

TL;DR Cybersecurity communities and groups are an excellent opportunity to network and learn There are OWASP, DEF CON, 2600, university hacking societies, Meetup communities and more to choose from They provide workshops, talks, and practical learning opportunities benefiting both newcomers and...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/01/09 6:20 a.m.12 views

The unexpected effects of GPS spoofing on aviation safety

GPS is one service in the Global Navigation Satellite System GNSS. Others include Russia’s GLONASS and the EU’s Galileo constellations. These are all used to provide Position, Navigation, and Timing PNT to civilian users including commercial aircraft. GPS was actually designed to have military...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/01/07 6:45 a.m.12 views

10 Non-tech things you wish you had done after being breached

TL;DR Non-tech aspects to breach follow-up are often overlooked but essential NDAs, supply chain, and third party contracts and obligations should be reviewed Reviewing communication protocols and employee training increases resilience Looking after, and retaining your people improves recovery fo...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/12/23 6:31 a.m.12 views

Heels on fire. Hacking smart ski socks

TL;DR A silly-season BLE connectivity story Overheat people’s smart ski socks …but only when in Bluetooth range AND when the owner's phone is out of range of their feet! Having experienced painfully cold feet several times over the years while skiing, including once at minus 42°C in the Canadian...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/12/09 6:49 a.m.12 views

Making sure your door access control system is secure: Top 5 things to check

Your door access control system aka a physical access control system or PACS, also referred to as RFID cards or ‘swipe’ cards often have a poor reputation for being vulnerable to cloning attacks. Here’s the thing: it’s generally possible to configure your system to be very resistant to card...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/11/30 6:2 a.m.12 views

OPSEC failures when threat hunting

Over the last few years I’ve carried out a lot of phishing, and have some interesting observations on how organisations respond. However, the purpose of this blog is to highlight a worrying and amusing trend in response actions taken by the blue team and researchers when threat hunting a phishing...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/11/27 6:4 a.m.12 views

Are Vehicle to Grid spikes coming?

If you didn’t already know, I’m a massive fan of electric vehicles. One of the aspects that intrigues me is Vehicle to Grid V2G, the potential for our car batteries to store and release electricity to and from the grid, providing balance for the peaks and troughs of demand. It’s a part of what is...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/02/20 6:14 a.m.12 views

Finding forensics breadcrumbs in Android image storage

Introduction Our digital forensics work is wide and varied. Often there’s very little that we can talk about in the public domain, so when I find something that we can share I get a bit excited. In this post I’ll be talking about image scanning apps, and how to reverse engineer them to pinpoint...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/07/06 5:56 a.m.12 views

EFB Tampering. Holdover Time

TL;DR Holdover applications are a relatively new method of calculating the effectiveness of anti-icing fluid sprayed onto aircraft wings. Applications such as these have additional attack surfaces as the developer and source databases need to be considered Airlines often view limits as targets to...

Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/02/16 6:0 a.m.12 views

OpSec. Hunting wireless access points

Continuing my series on OSINT techniques you can use for reviewing your own corporate OpSec, one of the most common services available in a modern corporate office is of course wireless. How do we go about finding wireless access points and what can they tell us? Finding wireless We have spoken...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/05/15 6:2 a.m.12 views

Stealing container ship cargo through LOC messaging

In a previous post post I looked at hacking and manipulating EDIFACT messages to destabilise a ship. However, criminals will be far more interested in using these techniques to re-route containers and steal their contents. Similar techniques appear to have been used to steal containers in the pas...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/03/04 6:24 a.m.11 views

DNSSEC NSEC. The accidental treasure map to your subdomains

TL;DR: DNSSEC secures DNS but may unintentionally expose domain structures via NSEC/NSEC3 records, enabling zone walking to enumerate subdomains. NSEC openly lists domain names, making enumeration easy. NSEC3 hashes names, making enumeration harder, but attackers can still crack weak...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/02/21 6:12 a.m.11 views

Pen testing avionics under ED-203a

The aviation industry realised some time ago that taking a standard approach to the cyber security of its products was needed and that this was a specialist discipline. A family of documents was produced to help with this: ED-202A / DO-326A – what should be certified ED-203A / DO-356A – how these...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/02/05 6:12 a.m.11 views

A tale of enumeration, and why pen testing can’t be automated

TL;DR In an engagement we found an open directory on the internet belonging to our client By enumerating it we found a zip archive with a configuration file holding usernames and passwords That file gave us access to the client’s ArcGIS instance This contained a treasure trove of information abou...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/12/05 6:38 a.m.11 views

Is secure boot on the main application processor enough?

TL;DR Secure boot ensures only authentic firmware can run on a device and should form part of a layered defence strategy. Sub-systems often lack secure boot capabilities, limiting protection for non-critical processors. Focus on secure boot for the main processor; it can provide adequate security...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/10/31 6:15 a.m.11 views

Mounting memory with MemProcFS for advanced memory forensics

Mounting memory? This changes everything! TL;DR Memory forensics is crucial for investigations, providing access to volatile data, like running processes and network connections. MemProcFS is a game-changer tool in memory forensics, allowing memory dumps to be mounted and browsed like file system...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/08/16 5:24 a.m.11 views

Insights and highlights from DEF CON 32

TL; DR Event Dates : August 8-11, 2024, in Las Vegas. PTP Presentations : Windows Hello : Our Ceri Coburn with Outsider Security's Dirk-Jan Mollema revealed vulnerabilities in biometric authentication. Maritime Security : Paul Brownridge discussed vulnerabilities in maritime systems and...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/08/07 5:56 a.m.11 views

Key safe security, or the lack of it

A few years back we put a key safe into our office. Previously, we had used a very simple locked cabinet to ensure keys were returned, as before that, keys kept being accidentally taken home. There’s no data of significance kept at the office. Everything is hosted elsewhere, but we could do witho...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/07/08 5:11 a.m.11 views

Pen testing cruise ships

New build ships contracted for build from 1st July 2024 must comply with IACS UR E26 & 27. What does this mean for assessing the cyber security of a cruise ship? What’s the risk profile? Cruise ships have a unique risk profile. This is due to the huge number of guests on board, highly complex...

7.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/01/24 6:47 a.m.11 views

10 years on from the Target breach. Has building cyber security improved?

It’s over a decade since the Target data breach. It was an event that reinforced the need for supply chain security reviews. It seems that much has changed since then, or has it? Has the security profile of the average connected building in the USA improved in that time period, be it retail,...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/06/12 5:13 a.m.11 views

WhosHere Plus. Trilateration vulnerability

WhosHere Plus is a dating app that uses GPS data to recommend users near to each other, based on similar interests. PTP constantly researches the state of privacy and security in apps that use GPS data, because the consequences of poor security and privacy are alarming: Tracking and snooping on a...

6.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/04/13 5:17 a.m.11 views

Reporting of cyber incidents becomes law in the USA

On March 15th 2022, president Joe Biden and the US Government passed new legislation to strengthen the Department for Justice DOJ Cybersecurity and Infrastructure Security Agency CISA position by requiring the reporting of all cyber incidents or ransomware payments. The Cyber Incident Reporting f...

7.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/09/28 5:45 a.m.11 views

When the IoT vendor goes bust

Over recent years, legislation has started to emerge to protect consumers from unethical behaviour from IoT vendors. Far too many smart devices didn’t charge for a subscription to the online platform that made the device ‘smart’. As a result, manufacturers had a perverse incentive to end-of-life...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/06/29 10:53 a.m.11 views

Congrats, you got everyone remote. But did you do it securely?

The lockdown has meant entire companies of typically office based staff being forced to work from home. The change to our way of life is like nothing anyone has in living memory ever seen. However, alongside that, IT teams have had to rush to deliver solutions that were simply not designed for th...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/03/12 6:51 a.m.10 views

Take control of Cache-Control and local caching

TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/03/06 6:38 a.m.10 views

How I became a Cyber Essentials Plus assessor

TL;DR What is Cyber Essentials and why does it matter? The role of Cyber Essentials CE and Cyber Essentials Plus CE+ assessors in protecting UK businesses The difference between a CE and CE+ assessor Becoming a CE assessor Becoming a CE+ assessor Challenges I faced and tips for success Introducti...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/01/15 6:4 a.m.10 views

Security flaws found in tiny phones promoted to children

TL;DR Three mini smartphones promoted to children were analysed Those devices are heavily promoted on TikTok All had outdated operating systems All could be rooted without wiping the phone, allowing data to be compromised with physical access One had malware artefacts pre-installed One had an...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/01/03 6:33 a.m.10 views

The surprising existence of the erase button on cockpit voice recorders

Introduction Safety and transparency are important in aviation. One tool that helps here is the Cockpit Voice Recorder CVR, which records audio from the cockpit during flights. It is crucial for accident investigations, helping authorities understand what happened before an incident. However, you...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/12/03 6:17 a.m.10 views

6 non tech things you wish you had done before being breached

Introduction When a breach happens, it’s not just technical defences that matter. Preparation in non-technical areas, like having key documents printed or emergency contacts accessible, can make all the difference. In this blog, we highlight six simple yet essential steps to help you prepare in...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/10/21 5:27 a.m.10 views

Unauthenticated local file disclosure on Milesight DeviceHub

TL;DR Nginx container on Milesight DeviceHub includes MQTT private key store Can download MQTT private keys across network Milesight eventually responded and issued a firmware update Unauthenticated local file disclosure on Milesight DeviceHub CVSS: 6.5 Medium CVSS:3.1:...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/11/23 6:5 a.m.10 views

Cap Dev. Better red teaming with continuous Capability Development

TL;DR What Capability Development Cap Dev is in this context The big Cap Dev benefits for red teaming Operations and Development, sharing and improving Improvements to TTPs, hardware, and developing strategies Benefits of using a DevSecOps model for offensive security The essence of Cap Dev Cap D...

7.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/09/14 5:11 a.m.10 views

PCI v4 is coming. Are you ready?

If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/09/03 5:55 a.m.10 views

ASSURE Case Study: Two

The engagement The purpose of this exercise was to validate the clients’ baseline security assessment against NIS and the CAF and prepare them for the CAA Assure audit against NIS and CAF. There were 24 systems for the client and 9 third party systems. The client had carried out some initial...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/09/03 5:53 a.m.10 views

ASSURE Case Study: One

The engagement The client needed to meet the requirements of the Network Information Systems NIS CAF. There was a target profile for the NIS CAF that the CAA had set out for the client’s systems. However, we discovered early on that this had the potential to be a transformational piece of work fo...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/10/10 5:56 a.m.9 views

Imposter syndrome in cyber security

TL;DR Imposter syndrome is the belief that you are undeserving of your achievements Anyone can be affected by it There are ways to cope What is imposter syndrome? Imposter syndrome is the psychological pattern in which a person downplays their achievements and believes that they are secretly a...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/10/09 5:4 a.m.9 views

How to handle vulnerability reports in aviation

TL;DR Always thank researchers for reporting vulnerabilities. Acknowledging their efforts can set the right tone. Lead all communications with researchers. Don’t let legal or PR teams take over. Provide regular updates to avoid miscommunication. Keep researchers informed throughout the process. W...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/12/02 6:42 a.m.9 views

Consumer advice for buying smart IoT devices this Christmas

Rightly or wrongly there’s plenty of fear, uncertainty, and downright doom associated with the IoT and devices. So, is it safe to buy these things as gifts or even as a treat for yourself this year? In our opinion it probably is, as long as you follow some basic advice. What can you do? Do your...

7.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/10/11 5:45 a.m.9 views

Living off the Cloud. Cloudy with a Chance of Exfiltration

Part one of a series aimed at demonstrating malicious usage of Office 365 services. TL;DR Unless default settings are changed, typical Office 365 O365 licences come loaded with various services that are all usable by end users without special permissions. Power Automate can be used maliciously by...

0.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/09/21 8:1 a.m.9 views

Container theft, the legal system and poor maritime security

One of the most interesting legal cases I’ve read recently involves a theft of two containers of cobalt metal briquettes from a terminal at the port of Antwerp. Original judgment: Appeal: What drew me to this case was the amount of useful data that had entered the public domain concerning a crime...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/05/22 5:44 a.m.8 views

Fully segregated networks? Your dual-homed devices might disagree

TL;DR Using dual-homed devices as a segregation tool is not recommended as a security design solution Use dedicated hardware and robust firewalls to segregate networks to limit access to critical networks Proactively check for unintended exposure of network services and disable unnecessary servic...

8.6AI score
Exploits0
Total number of security vulnerabilities506