Lucene search
K
PentestpartnersMost viewed

506 matches found

Pen Test Partners Blog
Pen Test Partners Blog
added 2020/01/08 6:38 a.m.37 views

Quick Wins to Combat Data Leaks

Data leakage is a worry. Holding lots of sensitive information about your employees and your customers means that if data is exposed it would be a catastrophe. No one wants to be the next Mossack Fonseca, or Equifax, or Marriott Hotel, or Facebook, or… The majority of clients I speak to tell me...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/08/09 7:6 a.m.37 views

Bitfi research receives Pwnie Award for ‘lamest vendor response’

The Pwnie Awards is an annual celebration of the achievements of security researchers and the security community. It's also an opportunity to roast vendors for lame responses to security concerns. The ceremony took place last night, August 8th, 2018 in Las Vegas at the BlackHat USA security...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/09/14 8:13 a.m.36 views

Consumer advice: Giggle vulnerability

Another week passes and another organisation chooses to deny a critical vulnerability in their site rather than fix it. I’m talking of course about Giggle, the social network site designed as a safe space for women to, “give girls choice, control, consent and connection”. If you are not aware, ov...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/07/01 6:49 a.m.36 views

Identity in IoT

NOTE: This was originally posted on 19 Jun 2020 but I decided that a rewrite was in order, for clarity and better flow. Identity is important in the Internet of Things Device identity is one of the most important security challenges in IoT. If you get identity management wrong, you run a...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/06/04 5:13 a.m.36 views

Unclamping the Barnacle

You may have seen the furore around the Barnacle windscreen-based parking clamp back in January this year. It’s a different approach that allows the clamp to be unlocked remotely, so you don’t need the clamp company to come remove it for you. If you’re not familiar with the device here’s a video...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/05/28 6:53 a.m.36 views

Reverse Engineering a 5g ‘Bioshield’

Six months ago the UK's Glastonbury Town Council set up a 5g Advisory Committee to explore the safety of the technology, and last month the local paper reported their findings. This statement is in their recommended measures report page 31 of this PDF: 5G Bioshield https://5gbioshield.com/ We use...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/02/12 4:47 p.m.36 views

format test

TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...

7.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/07/31 1:31 p.m.35 views

Hacking the Bitfi. Part 1

A large number of security researchers have taken exception to the ‘unhackable’ claims made by Bitfi and John McAfee about the security of their hardware cryptocurrency wallet. The $100K bounty offered appears to be something of sham, given it covers a very, very specific scenario. Bitfi states...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/07/30 8:6 a.m.35 views

Security Alarm Round-up

On the last day of IFSEC 2018 I was considering just how bad the security of some alarm products is. So, two years on from this post, has this sector's security improved?… PIR jamming First up is Yale Security with their trivially jammable wireless alarm system. You can replay disarm codes, and t...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/02/21 6:50 a.m.34 views

No fix KrbRelay VMware style

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a...

9.6CVSS7.2AI score0.01262EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/10/03 5:34 a.m.34 views

Airbus AoA – Angle of Attack sensor issue

I read a lot of air incident investigation reports. The aviation industry is a shining example of sharing and learning, resulting in increased safety. I wish that the cyber industry on the ground could find a way to effectively share similar experiences and learnings. Anyway, one report caught my...

0.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/10/13 5:20 a.m.34 views

Germ-term, but all year. How criminals are hacking schools

In some schools, the autumn term is often called “germ-term” due to the number of bugs the children bring back after the summer holidays. It usually calms down after a few weeks, however, with hacking there is no slow down. Its all year, its relentless. In the last 10 months of this year schools...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/06/11 6:16 a.m.34 views

A cyber warning light. The canary in the mine

One of the most difficult challenges for any sector is trying to alert an audience without skills in ‘cyber’ to the presence of unusual activity that might suggest a hack or other security tampering. What if we could alert a ship’s captain, an airplane pilot, car driver or machine operator that...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/02/20 6:7 a.m.34 views

Ships can’t be hacked. Wrong

I get a lot of objections from ships captains when discussing security flaws in ships, so I felt it worthwhile looking at these in some detail. The usual response is ‘ships can’t be hacked.’ When I dig further, what they usually seem to mean is that ‘processes aboard the bridge mean that the...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/08/22 7:43 a.m.34 views

PrivEsc in Lenovo Solution Centre, 10 minutes later

CVE-2019-6177 - Lenovo Solution Centre Privilege Escalation. Slow, but sure. TL;DR We found a privilege escalation vulnerability in the Lenovo Solution Centre LSC software, which came pre-installed on many Windows-based Lenovo devices. Lenovo say LSC has been shipped since 2011, but haven’t been...

7.5CVSS9.8AI score0.01077EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/12/13 6:30 a.m.33 views

What’s My Name Again? Reolink camera command injection

TL;DR Research on Reolink’s RLC-520A smart motion detection camera has turned up an authenticated command injection vulnerability. Exploiting this vulnerability with an injected system command can render the device useless. Introduction The camera is vulnerable to an authenticated command injecti...

8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/10/19 5:21 a.m.33 views

Moto E20 Readback Vulnerability

09/11/2022 Update: CVE ID CVE-2022-3917 has been reserved, with Lenovo to publish the Advisory Summary. TL;DR The Motorola E20 is an entry-level smartphone that uses a Unisoc system-on-chip. Motorola holds around 10% of the US smartphone market, though the sales of the E20 as a subset of that are...

1.5AI score0.00173EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/09/22 5:9 a.m.33 views

You can’t stop me. MS Teams session hijacking and bypass

How cleartext session tokens are stored in an unsecured directory that can be stolen and used to impersonate a Teams user. TL;DR Microsoft Teams stores unencrypted session tokens and cached conversations in users’ roaming AppData, which can be used by an attacker to gain access to the victim’s...

0.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/10/08 5:12 a.m.33 views

Cyber Security Month. What can you do?

October is Cyber Security Month, when organisations like the CISA, the ECSM, and many more promote initiatives to help raise security awareness. Around the world companies are dedicating time to improve staff security awareness, and its a really busy time for us. You may be thinking you’d like to...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/10/08 5:4 a.m.32 views

Free BrewDog beer, with a side order of shareholder PII?

TL;DR BrewDog exposed the details of over 200,000 ‘Equity for Punks’ shareholders for over 18 months plus many more customers Every mobile app user was given the same hard coded API Bearer Token, rendering request authorisation useless It was therefore trivial for any user to access any other...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/08/26 6:46 a.m.32 views

A Vulnerability Disclosure Program is not just a page on a web site

It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/10/30 7:15 a.m.32 views

Hacking ghost hunters

We’ve been looking at the security of smart ghost hunting tech. The results were a bit… spooky. TL;DR We bought three devices online. One was a camera for taking photos of ghosts, another was a smart teddy bear for helping ghosts of children apparate, the last a ghost hunting tank camera: In some...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/05/01 5:58 a.m.31 views

Bypassing MFA on Microsoft Azure Entra ID

TL;DR Even though MFA is effective it is one security control amongst many Even if MFA is in use, check its configuration Consider unexpected patterns of use, such as people logging in from Linux or macOS Make sure you log and can react to out-of-band behaviour Introduction On a recent Red Team...

7.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/05/05 5:0 a.m.31 views

Bullied by Bugcrowd over Kape CyberGhost disclosure

TL;DR The CyberGhost VPN client suffers from an elevation of privilege vulnerability and is filed under CVE-2023-30237. A specially crafted JSON payload sent to the CyberGhost RPC service can lead to command line injection when the OpenVPN process is launched, leading to full system compromise. T...

4.3CVSS8.3AI score0.00401EPSS
Exploits1
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/08/07 7:42 a.m.31 views

Security Awareness is as valuable today as ever

A while ago I saw a tweet that initially angered me for many reasons, but then I thought about it and wondered how much effort do companies put in to awareness and training. The tweet was: Security awareness is overrated. You got to do it, but dont expect users not clicking on phishing mails agai...

6.5AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/05/12 7:6 a.m.31 views

Short beacon analysis on the NHS iOS Tracking application

We recently helped the BBC with a piece on the new NHS COVID-19 tracking application. Concerns were raised by some about the ability for the app to track interactions while it was running in the background. There had been some discussion that suggested two iOS devices running the app whilst...

6.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/05/06 11:41 a.m.31 views

Housemates. The new Red Team?

You have the VPN set up, you have 2FA, you have a good enforced password policy, firewalls are in place, you even managed to squeeze in some remote training to make employees more aware of potential phishing. You stop, breathe a sigh of relief, and then think… I've no idea who my employees live...

6.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/04/06 8:3 a.m.31 views

Authenticating your call centre when everyone is remote

Some unique challenges present themselves as workforce's shift to remote working. One that is not likely top of the pile, but is an easy avenue for abuse is authentication. When I talk about authentication, I don’t mean how users logon or access their emails for example. What I mean is how you...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/11/26 10:30 a.m.31 views

ITV: New rules to prevent children’s ‘smart’ toys from being hacked

In the run up to Christmas we were asked by ITV's Chris Choi to demonstrate some of the security fails we see in kids toys all the time. We showed him our research on My Friend Cayla, and Tekstra Toucan amongst others, and made the point that while manufacturers need standards and codes of practi...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/10/01 1:25 p.m.31 views

Running a security awareness program

So, you've finally convinced management of the need for security awareness training. What next? I’ve been performing security awareness training for around 10 years, and doing it full time here at PTP for the last 3 and a half years. From the thousands of sessions I have run I’ve found the most...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/08/23 5:38 a.m.30 views

How to root an Android device for analysis and vulnerability assessment

TL;DR Rooting is useful for Android assessments The process is relatively simple It will wipe all user data from the device and void any warranty Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/02/01 6:3 a.m.30 views

Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager

We’ve been testing the security of a number of different electronic flight bag, or EFB, applications for a few years now. Here’s the latest on that now it has been remediated, 19 months after our initial disclosure to Airbus. TL;DR Flysmart+ is a suite of apps for pilot EFBs, helping deliver...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/10/09 5:28 a.m.30 views

The reality of Apple watch pen testing

Introduction We were approached to do an Apple Watch application test. It seems this isnt a service offered by many companies including us, although we’ve done plenty of work on Android Wear before but also, little information exists online about attempts, experiences or if it’s even possible. So...

6.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/08/01 5:5 a.m.30 views

Efficient Infrastructure Testing

Before we start lets set the scene regarding vulnerability assessment. It is imperative that enterprises conduct their own continuous automated scanning, to have up-to-date assessments of threats that their networks may be susceptible to. Infrastructure penetration testing discussed in this blog...

Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/09/03 4:30 a.m.30 views

From open Guest Wi-Fi to pwning a lift

…or why validating network segregation is critical TL;DR A recent engagement took quite an unexpected turn and led to me having remote control of a bunch of building services including a lift from the street outside, unauthenticated. A single firewall rule bypassed some well configured VLANs and...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/02/10 6:43 a.m.30 views

Password managers for all staff. Why the resistance?!

I’ve lost count of the number of times I’ve talked about passwords. I mention them in every talk I do. They are used in pretty much every service we test, they are the gatekeepers to our data, they are the protectors of our money and yet we still have not fixed them. As security professionals we...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/11/15 7:9 a.m.30 views

Consumer Advice: Kids GPS tracker watch security

Parents are advised to rethink using GPS tracking watches for their children as a result of serious security concerns. Tracker watches can be worn by children and report their position to their parents via a mobile app. They are designed to increase child safety: you always know where your child...

6.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/10/10 8:18 a.m.30 views

It’s Not Daddy Calling

How I found vulnerabilities that could put the safety of children in jeopardy How it started A friend recently showed me a tracker watch that he’d purchased for his son. It offered useful functionality such as two-way calling, and the accompanying app allowed him to track the location of his son...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/05/16 2:44 p.m.30 views

Hijacking Philips Hue

We were filming a smart home hacking piece on the 5th May this year. Like most home users, the Wi-Fi PSK wasn’t strong enough, so we cracked it and joined the network. The user had a Philips Hue lighting system. None of us here had looked at Hue before - we made an assumption after the previous...

6.6AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/05/12 5:47 a.m.29 views

Netflix MH370: The plane that wasn’t hacked

I’m a sucker for a good documentary, but the recent Netflix MH370: The Plane That Disappeared had me shouting at the screen. The first episode talks about the most widely accepted theory; a tragic pilot-created murder-suicide. However, the second episode goes completely off the rails, discussing ...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/05/03 5:50 a.m.29 views

Netflix MH370: The plane that wasn’t hacked

I’m a sucker for a good documentary, but the recent Netflix MH370 piece had me shouting at the screen. The first episode talks about the most widely accepted theory; a pilot-created murder-suicide. However, the second episode goes off the rails, discussing Russian special operations hacking the...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/08/13 3:24 a.m.29 views

Database Integrity Vulnerabilities in Boeing’s Onboard Performance Tool

This post is released in a co-ordinated manner with Boeing. TL;DR: Security gaps in older, unprotected Windows desktop versions of Boeing’s Onboard Performance Tool OPT could make certain Electronic Flight Bags EFB more susceptible to attack. In particular, OPT’s use of plain text configuration...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/07/07 6:11 a.m.29 views

Pwning smart garage door openers

TL;DR We reversed a smart garage door opener, which appeared pretty secure at first: The firmware was encrypted, debug access was restricted, the web server wasn’t running as root, it had unique passwords per device But we found a way in, allowing us to open all the garage doors …And made it play...

8.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/06/30 5:12 a.m.29 views

Scams and how to spot them

We’re in strange times at the moment. Some things dont change though e.g. the scams and fraudulent activity designed to separate people from their money or identity. When dealing with these scams the main thing to remember is: If it seems too good to be true, it probably is. While that statement ...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/05/04 6:14 a.m.29 views

Speaking at security events

I don't claim to be an amazing speaker; I'm still in awe of great infosec speakers such as Mikko Hypponen, Charlie Miller, Mudge and many others. However, I do keep being invited back to speak at events, so I guess I'm doing something right. Sometimes it's a minor slot at a big event, but the...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/12/13 9:1 a.m.29 views

Satellite communications equipment security

Introduction Satcoms are the game changer in maritime cyber security. In the past, satellite connectivity was so expensive as to be prohibitive for all but the most essential communication. Crew personal email and social media access was a pipe dream. However, now that ship operators have access ...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/08/14 9:10 a.m.29 views

Hacking the Bitfi Part 5: MITM transactions

So what’s latest with the Bitfi unhackable/hackable crpto currency wallet? Bitfi release software version 89 over the weekend. Devices updated, so we had a look to see what had changed. First, they’ve tried to stop the passphrase and seed from being cached in memory and therefore trivially...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/02/23 6:49 a.m.28 views

Advice for manufacturers on the coming PSTI regulation

TL;DR PSTI: The UK Product Security and Telecommunications Infrastructure Product Security Act Regulations effective from 29 April 2024 Assess how, where, why, and when you may be affected Review supply chain and in-house teams for compliance readiness Specific obligations for manufacturers,...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/02/20 6:40 a.m.28 views

Cyber security for Credit Unions 101

American consumers have two clear yet vastly differing choices when it comes to banking. Many opt for a large-sized national or regional bank. Folks select this option for a variety of reasons, typically due to the vast services and ease of use these powerhouses provide. Roughly 60% of Americans...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/08/25 5:18 a.m.28 views

Bluetooth + Electrical switchgear

The ongoing rapid growth of Industrial IoT IIoT across all business sectors continues to bring to focus the discrepancies that exist between the approaches to safety and cyber-security on safety critical sites. Safety has been culturally ingrained into all aspects of industrial site operations fo...

0.5AI score
Exploits0
Total number of security vulnerabilities506