Lucene search
K
PentestpartnersMost viewed

506 matches found

Pen Test Partners Blog
Pen Test Partners Blog
added 2019/12/03 12:18 p.m.60 views

Analysing the Attack Surface of an Industrial Data Acquisition Device

Introduction The Data Station Plus from Red Lion Controls was handed to me to analyse the attack surface. The device is designed to connect to SCADA data acquisition devices over Modbus, Profibus, etc. by Serial or Ethernet connection. Data is collected and recorded to a local compact flash card...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/04/26 5:35 a.m.59 views

2021. The age of the super vulnerability?

I don’t know about you, but to me it seems that every week we are seeing another vulnerability that not only grants significant access to the vulnerable system but also more widely internally. This last week we have seen the latest round of Microsoft Exchange vulnerabilities. The April 2021 updat...

7.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/10/08 10:52 a.m.59 views

Too Interested?

I was asked to investigate an incident a while back where my client was being subjected to a sizeable DDoS attack. It was causing them significant pain and, owing to the nature of their business, implementing something like CloudFlare quickly wasn’t an option. It had the hallmarks of a...

6.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/09/23 9:33 a.m.59 views

Think you’ve had a breach? Top 5 things to do

Realising that you may have had a data breach can be the start of a stressful and confusing time. Ideally, you would reach for your carefully crafted and practised incident management plan to guide you through the process. In reality though these plans fall into two camps: They don’t exist yet Th...

6.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/11/16 6:8 a.m.58 views

Brute forcing device passwords

When working with IoT and embedded systems, brute-force password guessing attacks are an effective tool to gain access. Over the years, I’ve learned some tips and tricks to make these attacks more effective. What is brute forcing? Very simply, it’s guessing passwords so that you can find a valid...

7.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/03/15 5:35 a.m.57 views

Out of cyber class. Maritime compliance.

Ships classification societies have a key role to play in the International Maritime Organisations cyber security requirements. Based on our experience to date, there are some significant issues coming that maritime insurers need to be aware of before writing cover for any vessel that includes...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/08/11 6:0 a.m.57 views

DEF CON 28: ILS and TCAS Spoofing

This post is a companion to the DEF CON 28 video available here The purpose here is to give some practical demonstrations of two kinds of radio frequency spoofing attack against two different types of cockpit instruments that are found in virtually every single commercial aircraft flying today...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/10/10 8:30 a.m.57 views

Help, my accounts have been hacked! What should I do?

I run staff security awareness sessions for a huge variety of organisations. Regardless of where I am the most common question I get asked is “How do I recover from being hacked at home?”. For businesses, we have some simple advice, but what about everybody else? A client contacted me. One of the...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/08/03 6:47 a.m.57 views

COSCO incident. Phishing frenzy and exploding goods?

If you haven’t seen the coverage, COSCO the world’s 4th largest shipping line has had a ransomware outbreak. Sounds terribly familiar, doesn’t it. One wonders why on earth they didn’t carry out a thorough review after the Maersk incident, so as to be rather better prepared. Phishing time Breaches...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/06/22 3:0 p.m.57 views

Hardware reverse engineering. A tale from the workbench

In line with our previous work on the Tapplock, I decided to have some fun with some electronic locks and ordered a few from a large retail company. Half of these are currently en route to me, on the slowboat from China, but one arrived early. Before I state, let me just say here that I’m not...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/06/15 5:39 a.m.56 views

Tracking Amazon delivery staff

TL; DR The Amazon delivery tracking API allows ultra-precise tracking of drivers. Amazon claim that customers can only track the driver for the 10 stops prior to theirs. This isn’t the case – one can track the driver on the entire route and all drops, including their speed on the road. This preci...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/02/07 10:0 a.m.56 views

2×4 Security

I had someone at the house recently, talking about physical security. We have all the usual stuff like alarms and CCTV, locks on the windows and doors but the aim of the exercise was to have someone who is familiar with attacks vectors physical security in this case, but the principal applies to...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/08/30 8:2 a.m.56 views

A Secure “Smart” Kettle?

We haven’t looked at smart kettles for a long time, mostly as the UK market leader, Smarter, fixed their security with the iKettle 3.0. So I got quite excited when a colleague pointed out the Xiaomi ‘smart’ kettle a few weeks back. It’s the first kettle with a mobile app that we’ve seen for a...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/01/08 10:24 a.m.56 views

Shipping operators, what you need to know about phishing and CEO fraud

Maybe second only to ransomware, the most likely type of attack a shipping operator will experience will be a phishing scam. Usually this will be carried out by email, or social media, or even messaging apps. It will likely include a link to what seems a plausible website, and/or have an...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/07/02 5:11 a.m.55 views

Ransomware. In the air?

Introduction As an exercise, we were asked to look at the potential vectors for ransomware to affect flight despatch and operations. In most cases, flight systems simply werent significantly exposed, but ground systems affected by ransomware may make flight ops either impossible or significantly...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/03/21 4:1 p.m.55 views

Remote command injection through an endpoint security product

TL;DR? We discovered command injection in a popular endpoint security product, Heimdal Thor. By using the product, customers PCs were exposed to compromise. Irony++ Heimdal fixed the issue quickly and responded well, but it appears that the vulnerability had been present in 650,000 PCs for around...

6.4CVSS9.7AI score0.01305EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/02/05 10:47 a.m.55 views

Super-systemic IoT flaws

IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected car leads to problems with ALL the connected cars using that same system. That led to incidents such as the Mirai botnet...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/12/04 7:36 a.m.54 views

Nuclear Satcoms

The Fukushima Daiichi nuclear incident in 2011 has led to safety changes that may have an interesting knock-on effect on reactor security. Loss of telemetry during the flooding, as a result of the subsequent loss of power, made assessment of the incident hard to manage. Critical data about the...

7.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/10/31 8:15 a.m.54 views

Ghost hardware. Device No.1, the Ghost Pro

Colloquially known as a “Ghost Pro” this full spectrum camera is supposed to allow you to see beyond the visible spectrum, into the infrared and ultraviolet ranges. This one has Wi-Fi as well, for ease of remote control. There’s a few questions we wanted to answer with this one. Who’s the camera...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/06/11 6:0 a.m.53 views

Why hackers don’t fly coach

Physical security is relied on too heavily for cabin-based systems on the Airline Information Services Domain AISD. Whilst the Aircraft Control Domain ACD is separated, there are still plenty of interesting information, data and systems that are accessible from the cabin, for those who are prepar...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/04/21 5:13 a.m.53 views

Training apps. Have their privacy settings improved in 5 years?

TL;DR Run and bike tracking apps still have a pretty poor approach to password security & default privacy settings From being one of the more secure apps 5 years ago, Strava has now been pushed to the back of this pack as others improved Amazingly, none of these apps support multi factor...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/01/30 7:11 a.m.53 views

ASSURE Aviation Cyber Security Testing

We've long been supporters and champions of a formalised approach to Aviation Cyber Security Testing. Our research and blogging has taken us on an interesting journey regarding airside and landside security, mapping attack surfaces and explaining how systems work and interact. Speaking and...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/10/31 8:15 a.m.53 views

Ghost hardware. Device No.3, the Ghost Rover

The Ghost Rover is a ghost hunting tank. You control it with a mobile app. We’ve looked at a toy spy tank before, it wasn’t great from a security point of view. Let’s hope our ghost-hunting tank – which, at $200, cost almost 4 time as much as the spy tank – has considerable security improvements ...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/07/03 6:56 a.m.53 views

Hacking Navtex maritime warning messages

When data roaming was still expensive across Europe and cellular data service was patchy, I used Navtex extensively whilst sailing in the Mediterranean. Every four hours, one could get a useful marine weather forecast. Was there a fun days sailing ahead, or was a dash for port and gin & tonic in ...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/05/07 6:12 a.m.52 views

EFB Safety Advice for Pilots

As a pilot you will be all too aware of how important an electronic flight bag EFB is to you and your role. It’s probably critical to your takeoff performance calculations, your roster, pax lists and plenty more. It’s one thing if its not working, but have you ever stopped to consider what could...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/07/09 5:55 a.m.52 views

Hacking smart devices to convince dementia sufferers to overdose

Weve looked at numerous smart tracker watches over recent years. All had some disastrous security flaws. However, we found one recently that was a little different: it was aimed at the elderly, particularly those with dementia or other cognitive impairments. If the wearer goes for a walk and...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/04/01 1:27 p.m.52 views

Hacking Superyachts. Advice for owners

If you own a superyacht they are your homes, your offices, your play areas. They are islands of exclusivity and provide safety and security and above all privacy, but are they really as secure and private as you hope they are? Finding your yacht Most yachts have safety features such as Automatic...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/12/05 1:42 p.m.52 views

Worried about Spouseware?

We recently participated in a BBC Radio 4 interview for You and Yours about ‘Spouseware’. This covers smartphone apps which are used by a domestic abuser to track and monitor their victim. The tracking ‘spouseware’ can tell the abuser where their victim is, when they use the phone, what speed...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/05/07 5:36 a.m.51 views

Exploiting Copilot AI for SharePoint

TL;DR AI Assistants are becoming far more common Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint Attackers will look to exploit anything they can get their hands on Your current controls and logging may be insufficient Be careful what you keep on platforms...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/03/06 6:12 a.m.51 views

Living off the land with native SSH and split tunnelling

TL;DR Attackers can use Microsoft native SSH client to forward out internal network traffic Windows native SSH is common The attack only needs minimal set-up and commands Quicker and more cost effective for an attacker than using C2 infrastructure Reduces likelihood of Blue team detection...

7.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/04/24 8:51 a.m.51 views

From a TCU to Corporate Domain Admin

How we went from a telematics control unit in a vehicle to domain admin on a corporate network We’ve tested numerous telematics control units over recent years and gathered many of our findings in to some good practice guidance here. However, just occasionally we find something that blows our min...

6.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/04/01 1:31 p.m.51 views

Hacking Superyachts. Advice for captains

I’ve blogged already about how superyachts are the homes, the offices, the play areas for their owners. However, they are also the charge of the captains and homes of the crew, most owners simply see themselves as guests on the captain’s yacht, so what do you the captain and crew need to think...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/11/09 3:42 p.m.51 views

Flogging a dead smart horse

Connected stuff is getting everywhere, even in to managing the health of your connected horse. Yes, really. One Friday afternoon after PTP lunchtime drinks in the pub, we bought an ‘Orscana’ horse tracking device. It sat on the shelf for 13 months until after another session in the pub over lunch...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/10/31 8:15 a.m.51 views

Ghost hardware. Device No.2, the Boo Buddy

The “Boo Buddy” is sold as a “trigger object” with a wide range of internal functionality such as EMF, motion and temperature detection. It’s a “trigger object”, in the sense that it is designed to evoke the spirits of children, who might be drawn in by the presence of a toy. Many people have...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/09/07 10:20 a.m.51 views

Automotive theft affects shipping security

Cars and ships – there’s not that much in common with two areas that we carry out a lot of research in to. One uses CAN for safety critical controls, the other uses serial and +/- 10V. Yet, security of the two sectors is linked through vehicle theft and fraud: Most modern vehicles have telematic...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/07/19 3:30 p.m.51 views

EU Cybersecurity Act IoT FAIL

The EU recently announced that its plans for a Cybersecurity Act had been backed by industry committee MEPs. This was a significant opportunity for consumer IoT security to be regulated and resolve the current mess. Sadly, they’ve stopped short and made the code voluntary for all but certain...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/05/20 5:5 a.m.50 views

Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224)

TL;DR Galleon Systems’ GPS NTP time server had a command injection vulnerability in the firmware of their NTS GPS device which could allow total control of the device through the web management interface. The vulnerability - CVE-2022-27224 https://vulners.com/cve/CVE-2022-27224 Device: Galleon...

9CVSS7.7AI score0.04476EPSS
Exploits1
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/03/22 5:4 a.m.50 views

Multi-factor Authentication. Reset MFA you say?

MFA is a no brainer. It helps mitigate the risk of password re-use, overly simple passwords and more. Just don’t confuse it with 2 step verification… Anyway, when we’re red teaming, MFA can make things more complicated. So why not social engineer your way around it? Having worked on a helpdesk...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/05/22 5:11 a.m.50 views

Ethical dilemmas with responsible disclosure

We do a LOT of disclosures, probably starting one a day on average. Between us, we spend a man day or so per week just managing disclosures. It creates pain for us and consumes time, particularly when the vendor won’t listen. We get the occasional legal threat, which takes time and money to slap...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/02/14 5:56 a.m.50 views

Business Email Compromise. What to do

The FBI has just released it’s annual Internet Crime Report for 2019, it makes for some really interesting and depressing reading. The mainstream media focused on the headline figure of $3.5Bn in losses in 2019, but what caught my eye is the Business Email Compromise BEC or CEO Fraud stats. I...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/08/08 6:41 a.m.50 views

Tamper proofing review: the iZettle card payment terminal

Tamper resistance is an increasingly important factor in smart devices. Together with secure hardware design and defensive coding, it can deliver a very secure device. One of the most common areas the average consumer will encounter tamper resistant devices is in payment terminals, or Pin Entry...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/06/15 3:1 p.m.50 views

Totally Pwning the Tapplock (the API way)

An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism, however he focussed instead on the mobile app API. Vangelis Stykas @evstykas has found a way to unlock any lock, plus scrape users PII and home addresses. Read his...

6.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/04/21 5:1 a.m.49 views

Homeworking vs Homeschooling. The cyber challenge

March 2020 was a significant challenge. We were propelled into lockdown. From happily working in an office I had to switch to working from home. Previously I had always looked at my home as exactly that, a home. A place to relax and spend time as a family. Never did I expect to be spending every...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/02/22 7:31 a.m.49 views

K&R insurance. Kidnap and Ransom(ware)

Businesses are increasingly getting insurance cover for cyber liability incidents. Whilst cover was traditionally focussed on US-style 3rd party losses relating to data breaches, claims are accelerating in the 1st party / ransomware and business interruption arena. Ransomware claims are growing s...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/09/02 11:0 a.m.49 views

Cloud firewall management API SNAFU put 500k SonicWall customers at risk

TL;DR I found an IDOR in SonicWalls cloud management platform API Any user could add themselves to any account at any organisation using it Anyone could create a user account to exploit the issue, from the public internet Can be used to change firewall rules, or add rogue VPN users, for example...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/09/08 6:58 a.m.48 views

Speed 2 – The Poseidon Adventure – Part One

This post is a companion to the DEF CON 28 video available here This is a tale of how we tested a brand new cruise ship over the course of a week. TL;DR How fire zone safety design affects security When ballasting control goes wrong Where maritime tech providers let security down, badly Are IMO &...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/04/01 5:23 a.m.48 views

Honeyroasting. How to detect Kerberoast breaches with honeypots

Introduction As we know one of the main issues facing defenders, especially in large environments, is protecting against threat actors after they gain a foothold in the environment. If an attacker lands on a domain-joined PC, the attack surface is massive, and it is vital to detect them as quickl...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/01/30 2:51 p.m.48 views

Hacking floating hotels. Cruise ship compromise on the high seas

Modern cruise ships have all the amenities of a large resort hotel. Prior to entering the infosec space, I spent 5 years working in hotels. My experience of the security of both hotels and shipping indicates that the mix is not a good one for security. What’s the difference between a hotel and a...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/09/26 5:17 a.m.47 views

Direct Memory Access (DMA) attacks. Risks, techniques, and mitigations in hardware hacking

TL;DR Direct Memory Access DMA attacks are a powerful class of attack that give read and write access to the memory of a target system, bypassing the main CPU to gain kernel privileges. We became interested in DMA attacks for expanding the toolkit for rooting embedded devices. A lot of embedded...

6.8CVSS8.3AI score0.00216EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/10/04 11:14 a.m.47 views

Real-life social engineering. Another two days in tweets

What happens in a real life social engineering exercise? There’s a lot of planning and preparation that goes on behind the scenes: it’s not a matter of turning up to a site and ‘winging it’! I live tweeted an exercise a little while back, to give a flavour of a real task in real time. For reasons...

6.4AI score
Exploits0
Total number of security vulnerabilities506