506 matches found
EFB ePIL. Pinching passenger PII from pilots
TL;DR The Passenger Information List PIL is often now available on EFBs and crew devices. It stores information such as passenger names, seat numbers, and customer services information. Digital versions of the PIL enable crew to offer more bespoke customer service Information on a PIL is differen...
Fire detection system been pwned? You’re not going to sea
TL;DR Hardcoded SSH and VNC credentials found on Consilium Salwico CS5000 panels SSH access allows OS-level interaction, and VNC access gives UI control It may be possible to disable the fire detection system Attempts to disclose vulnerability to Consilium multiple times since 2022 Consilium...
The remote desktop puzzle. DFIR techniques for dealing with RDP Bitmap Cache
TL;DR How RDP Bitmap Cache can reveal user activity No RDP logs? How can we reconstruct RDP activity? How cached tiles can uncover insider threats Introduction A lot of people are aware of RDP and what its functions are. It’s known for providing remote access and making life easier for...
Unallocated space analysis
TL;DR Unallocated space retains remnants of deleted files, metadata, logs, caches, and other artefacts. This is useful if a user attempts to cover their tracks, delete files, reformat drives, or use anti-forensic tools. These remnants can help reconstruct user actions exposing data exfiltration...
New mandatory USCG cyber regulations. What you need to know
TL;DR US Coast Guard introduces mandatory new Marine Transportation System cybersecurity requirements They take effect on July 16, 2025, and training must begin by July 17, 2025 US flagged large commercial vessels affected Cybersecurity Officers CySO need to be appointed Penetration testing of...
Testing the security of CCTV systems
TL;DR CCTV is often overlooked; ‘shadow tech’ whose security isn’t as carefully reviewed as core IT assets It is often a responsibility for facilities managers who may have little experience of cyber security Security of the hardware and software of some CCTV camera brands is sorely lacking A...
Proroute H685 4G router vulnerabilities
TL;DR Two vulnerabilities on the Proroute H685t-w 4G Router Authenticated command injection is possible through the admin interface Reflected Cross Site-Scripting is possible through the admin interface Patch any routers to revision 3.2.335 or higher Vulnerability 1: Command Injection on Proroute...
QR Phishing. Fact or Fiction?
October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing QR Code phishing and how new AI powered email gateways can potentially block these attacks. What’s the attack? To understand the attack you need understand the challenge that the attacke...
Have you been compromised?
Imagine the scenario… A nation state recruits an asset / spy at age 18. Their education and living expenses are fully funded, all with the aim of getting them a job at a target organisation. All goes to plan, on paper they’re a good fit and they get a low profile graduate role in the company. Lif...
Exposed Gits: 10 Years on
Nearly 10 years ago my colleague wrote a cracking post on exposed Git repositories. 10 years is a long time in cyber security, but you’d be surprised how many things you thought should have gone extinct that haven’t. A prime example is a recent finding of a handful of exposed .git repositories. A...
Your cloud? My cloud now
A true story on taking over a client’s Azure tenant via a successful phish. TL;DR A tempting phish got lots of users to disclose their passwords, and a lack of training resulted in the victims accepting the Microsoft push-based multi-factor authentication. This resulted in gaining access to Slack...
SkyFail. 6 million routers left exposed
Sky broadband had a significant security flaw in around 6 million of their customer routers that would allow remote compromise of home networks. When informed about it, they took nearly 18 months to fully fix the problem. TL;DR Around 6 million Sky routers were vulnerable to a DNS rebinding...
Time based username enumeration
Back in the day, it used to be easy to enumerate email addresses from forgotten password forms. Differences in the response made it easy to check if accounts existed. After that, you could brute force the password if there weren’t lockouts in place, or if there were, you could lockout a lot of us...
Securing mobile devices. A timely reminder
While home working might now be the norm for some, more and more people are going back to their place of work on a more regular basis. If you’re commuting again or if you’re responsible for securing your people’s devices it’s a good idea to revisit and review your security admin for mobile device...
Smart lighting security
Smart lighting systems create great opportunity for improved efficiency, cost savings and easy management. The long lifespan and low power requirement of LED luminaires and lamps means that it’s worth investing in replacing older fluorescent and incandescent lighting. RJ45 connections delivering...
From Minecraft to Metasploit. Game hacking could start your cyber security career
Human beings are curious. Give a computer game to a kid and it’s only a matter of time before they get bored with the constraints of the gameplay and start trying novel things. This is encouraged by a lot of game developers by hiding Easter eggs in hard to reach locations. Once the confines have...
Don’t get burnt on pay day. How to buy IoT gadgets sensibly
As it’s the end of the month, and pay day for many, I thought some timely advice would be helpful for people itching to spend their money on IoT gadgets. It’s not all bad. While many manufacturers happily continue to fill shelves with dross, we know plenty of responsible companies whose products...
Hacking train passenger Wi-Fi
After speaking about Wi-Fi security at a rail industry conference last week, it struck me that very insecure passenger networks are making their way on to trains. So, here’s a quick check list for making sure your pax Wi-Fi network is secure. Similar checks could be applied to your guest network ...
Not everything in a data leak is real
TL;DR Data breaches make the headlines usually because of the sheer volume of data Research shows that often the volume of data is falsely inflated How forensics experts can spot it Introduction When a data breach hits the news, it's usually all about the numbers: millions of names, emails, and...
Preparing for the EU Radio Equipment Directive security requirements
TL;DR UK & EU IoT vendors have more security regulation coming in Applies to all wireless devices Comes into force 1st August 2025 It may be absorbed into the Cyber Resilience Act From 1st August 2025, mandatory cybersecurity requirements come into effect under the EU’s Radio Equipment Directive...
Leave the World Behind, or don’t
I watched Leave the World Behind on Netflix recently. I was intrigued as the trailers showed an oil tanker crashing on to a beach. It was implied that it had been hacked and someone had taken control of it. Shipping security is something we know quite a bit about, having been asked to hack a larg...
Impacts on ICS from the updated Cyber Assessment Framework (CAF)
NCSC has released an update of the Cyber Assessment Framework CAF. The CAF represents where the rubber hits the road for the UK’s NIS regulations. TL;DR The NCSC CAF has been updated to version 3.2. There has been a material change to three aspects of the CAF. The changes are broadly sensible and...
Navigating the perilous waters of conference invitations
TL:DR Being asked to speak at events is great …except when it looks like a scam or a phishing attempt This is walkthrough of my experience If you think it’s a scam, it probably is Its a typical Sunday evening, and as Im gearing up for the week ahead and an interesting email lands in my inbox. The...
Helping a banking fraud victim
A few months ago an elderly friend of a friend asked for some help. They had been scammed and had £10K stolen. Was there anything I could do to help? This wasn’t going to be a pleasant task: recovering monies stolen as a result of banking fraud is all but impossible. I was going to have to explai...
It’s always DNS, here’s why…
Introduction Theres an old adage in network and Internet support: When something breaks in any network "it was DNS". Sadly its usually true. …or at least it is when you have certain timeouts, or when a company you used to work for moves from the stable Unix based DNS to a Windows based one and th...
DPD package sniffing
TL;DR An unauthenticated API call was identified in DPD Group’s public API that could allow a user with a valid package ID to, with some basic OSINT, discover the package’s destination postcode and thus obtain all details about the package. DPD Group were prompt in the triage and resolution of th...
A masterclass in responding to vulnerability disclosure: The Buddi app and tracker
The Buddi tracker is used for tracking elderly and vulnerable people. It’s a GPS/GSM-based clip-on device that reports wearer position to an app via a platform. It means that the wearer can easily be found by their carer or the emergency services, should they become lost and unable to make their...
Hijacking smart luggage
When is a vulnerability not a vulnerability? I’m not sure this counts as a vuln per-se, but some easily-fixed and simple manufacturer mistakes result in trivial hijack of…. yes… your smart luggage. The Airwheel SR5 is the first smart luggage that we’ve seen. It can automatically follow the owner...
Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
This post is a companion to the DEF CON 28 video available here Breaking the Firmware of Samsung’s NFC Chips Recently I have been looking into how to push the capabilities of my old smartphones beyond what you could traditionally do just by rooting it. Smartphones contain huge amounts of hardware...
Xmas Light Security Improves… a bit
We've looked at smart Xmas lights before; whilst they were vulnerable, there was no consequence to the hack other than making them flash in a different order! In 2018 we looked at the all-new Twinkly smart festive lights. We found a number of security issues, reported them to the vendor and to a...
Totally Pwning the Tapplock Smart Lock
TL;DR – How to open a Tapplock over BLE in under two seconds: Totally Pwning the Tapplock Smart Lock A couple of weekends ago, a YouTuber called JerryRigEverything posted a teardown of a “smart” padlock, called the Tapplock. He discovered that, using a sticky GoPro mount, he could remove the back...
Man Climbs Severn Bridge. Your office is twice as easy and half as scary
So you think no one would ever sneak into your business? Think Again. The man who climbed the Severn Bridge and broke into the Big Brother house seems to have method to his madness. Here’s why. When I describe Social Engineering to some I get a common response: “Yeah, but who would ever do that i...
New cybersecurity rules for smart heat pump manufacturers
TL;DR Smart heat pumps face new UK cybersecurity rules Must meet ETSI EN 303 645 under the Smart Secure Electricity Systems programme Applies to most domestic heat devices up to 45 kW Compliance deadline expected to be late 2026 / early 2027 Aims to protect consumers, data, and the national grid...
Hiding behind a password
What do your passwords say about you? It’s surprisingly personal. User generated passwords can reveal more than you might expect, including frustration, humour, and even how someone feels about their job. My password manager database has over 350 entries. I have chosen or generated all of them wi...
PCI DSS v4.0 Evidence and documentation requirements checklist
TL;DR PCI DSS is complex and challenging Review the 12 top level controls Arm yourself with this checklist to help you navigate it Introduction PCI DSS v4.0 is challenging for a number of reasons: increased complexity, future-dated requirements, high costs and resource demands, vendor management...
ICS testing best results. Hint: Blend your approach
TL;DR Onsite ICS testing is risk averse Laboratory ICS device testing uncovers more A blended approach is key How that works Demonstrable benefits Introduction For safety’s sake onsite ICS testing adopts a risk averse approach, even if scheduled during downtime or a maintenance period. It’s vital...
Tackling AI threats. Advanced DFIR methods and tools for deepfake detection
TL; DR AI-generated documents, videos and more pose significant challenges for DFIR DFIR teams can harness innovative detection strategies and tooling Digital fingerprinting and watermarking, AI-powered and behavioural analyses Hardware-based forensics and image-specific forensic techniques...
How easily access cards can be cloned and why your PACS might be vulnerable
TL;DR Access cards can be cloned There are practical measures to make card cloning difficult Practical guidance on how these systems work and why you should make sure they’re configured right What is a physical access control system? A physical access control system, or PACS, is the system that...
Did security gaps at Antwerp port enable drug smuggling operations?
TL;DR Why hack shipping? For profit. Criminals have been proven to have hacked port systems to bypass security and facilitate drug smuggling. Evidence of hacking? Rarely reported, but cases like MSC and Glencore’s cobalt theft and the incidents at the Port of Antwerp below provide real examples...
OSINT your OT suppliers
There is much talk about supply chain security and reviewing your suppliers for cyber security. But how much information do they intentionally and unintentionally leak about your organisation online? We see this particularly in the industrial controls sector as its cyber security maturity is...
Scanning for security.txt files
Introduction RFC 9116 was written by E. Foudil and Y. Shafranovich and left draft status in April 2022. This RFC formally defines the unofficial security.txt file that has been an unofficial standard for many years, initially created back in 2017 and documented at . The security.txt file provides...
Limiting your exposure to location data resellers
Location data is valuable, just ask Huq Industries, who make a living out of selling your location information, then found that the apps they bought it from hadn’t asked the end users permission to have it! Naughty! The organisations they sell it to use it for better marketing, to get a better...
A dive into the Rockchip Bootloader
TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from the MCU. Use this guide to access and reverse engineer bootloaders. Introduction Rockchip are a Chinese company...
PCI DSS. Where to start?
TL;DR Determine your role: Merchant or service provider Determine your level and requirements Identify your validation method: SAQ or RoC Use the PCI website Introduction The Payment Card Industry Data Security Standard, or PCI DSS, outlines essential requirements for protecting both you and your...
How we helped expose a £12 million rental scam
TL;DR We helped Channel 4 with trying to track down rental scammers. We are not the police so we could only take it so far and any proving guilt or innocence would be a police matter. We saw organised approaches and elaborate setups. A lot of technical and money laundering techniques were needed...
You lost your iPhone, but it’s locked. That’s fine, right?
TL;DR Default iOS configuration leaves your locked device vulnerable Ensure your emergency contacts are set. Use ‘FindMy’ to track / wipe lost devices. Take regular backups. Consider turning off the lock screen message previews. Introduction Picture this: you've lost your iPhone. Luckily, it's...
Maritime lawyers assemble!
Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...
BEC-ware the phish (part 1). Investigating incidents in M365
TL;DR Review the key artefacts to ensure the best possible telemetry is available in the case of a Business Email Compromise BEC. Keep an eye on data retention, where necessary export or forward data for investigations longer than 30 days. Verify and enable Unified Audit Logging, its free and giv...
Living off the land, GPO style
TL;DR The ability to edit Group Policy Object GPOs from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...
Smart home security advice. Ring, SimpliSafe, Swann, and Yale
Introduction This guide covers the security of smart home security products from Ring, Yale, Swann, and SimpliSafe. Whether you're looking to monitor your property remotely, enhance your home's security, or see who’s at the front door, this guide will provide you with valuable insights. We have...