Blog

Technical Insights and Research from Our Team of Specialists

Major Ransomware Groups
Conti, Ryuk, and REvil are three of the most well-known and notorious ransomware groups that have caused significant damage and financial loss to organisations worldwide. Each of these groups has its own tactics and techniques, but they all share a common goal of extorting money from their victims through
Ransomware, a multifaceted cyber threat, is more complex and damaging than many realise. With diverse attack vectors and multiple profit mechanisms, it represents an escalating danger. This guide delves into the intricacies of double extortion in ransomware, offering comprehensive insights into its operations, impact, and why it's a significant concern.
Ransomware is a growing threat. It's undeniable and indiscriminate, looming over businesses of all sizes and industries. We take a look at the ins and outs of why ransomware affects all businesses.
June 2023 - We discuss and highlight how we bypassed one of the most heavily used 'zero trust' application whitelisting platforms. Their homepage ironically states that they block execution of anything not explicitly whitelisted 'including ransomware' but, as we will show, that wasn't entirely accurate...
Password managers stand as an essential tool in the modern digital landscape. With the escalating number of online accounts, they offer a secure repository to organise and store a multitude of passwords, alleviating the need to memorise multiple complex sets of credentials. By generating intricate passwords and encrypting data, these
May 2023 - In this edition, we highlight how a decommissioned application was not fully removed as expected, allowing us to abuse legacy functionality to compromise an enormous amount of client and PII data.
We discovered multiple high severity CVEs in Syncfusion's software and discuss the advantages and disadvantages of utilising third-party solutions in your software. This blog goes into detail about the issues themselves and the corresponding risks that they pose to businesses.
A good MSSP (Managed Security Service Provider) should be able to service all their clients' cyber security needs to a very high standard. With the sheer size of the cyber security field, this may not be possible with niche services such as penetration testing and targeted security assessments. Here we
In April 2023, we completed an internal infrastructure security assessment for a client in the financial sector. What we didn't realise is that this would become our first 'Fail of the Month' blog post... Read below to understand what happened and the technical reasons behind it.
March 2023 - With single sign-on becoming more common during our assessments, we cover one of the vulnerabilities we discovered during an engagement that let us forge SAML responses to escalate privileges in a web application.
Subdomain takeovers occur when an attacker abuses a dangling DNS alias (typically a CNAME still pointing at a cloud resource that has been deprovisioned) to host their own content on an organisation's subdomain. This content could consist of phishing pages, malware or anything else to compromise sensitive data.
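As an added illustration of the check behind that post (this is example code written for this page, not the tooling used on the engagement), the script below walks a zone's CNAME records and flags aliases whose target either no longer resolves or resolves to a provider's "unclaimed resource" page. The provider suffixes and fingerprint strings are an illustrative subset, and the zone, hostnames and probe results are all constructed so the example runs offline; a real run would resolve each target and fetch it over HTTP.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Illustrative fingerprint table: CNAME suffix -> takeover signal.
# None means the service stops resolving the name once the resource is
# deleted (NXDOMAIN); a string means the name still resolves and the
# service answers with that text when no tenant owns the hostname.
# A real check would use a maintained list with many more providers.
FINGERPRINTS: Dict[str, Optional[str]] = {
    ".azurewebsites.net": None,           # NXDOMAIN once the web app is deleted
    ".cloudapp.azure.com": None,
    ".s3.amazonaws.com": "NoSuchBucket",  # resolves, but the bucket is unclaimed
    ".github.io": "There isn't a GitHub Pages site here",
    ".herokuapp.com": "No such app",
}


@dataclass(frozen=True)
class Probe:
    """Simulated result of resolving a target and fetching it over HTTP."""
    resolves: bool
    body: str = ""


@dataclass(frozen=True)
class Finding:
    subdomain: str
    target: str
    reason: str


def _normalise(name: str) -> str:
    # DNS names are case-insensitive and zone files often carry a trailing dot.
    return name.rstrip(".").lower()


def _provider_suffix(target: str) -> Optional[str]:
    for suffix in FINGERPRINTS:
        if target.endswith(suffix):
            return suffix
    return None


def find_dangling(cnames: Dict[str, str], probe: Callable[[str], Probe]) -> List[Finding]:
    """Return every CNAME that looks dangling.

    cnames maps subdomain -> CNAME target; probe(target) returns a Probe.
    An NXDOMAIN target is always reported (even for an unknown provider,
    since the alias is dead either way); a resolving target is reported
    only when it carries the provider's unclaimed-resource fingerprint.
    """
    findings: List[Finding] = []
    for sub, target in cnames.items():
        sub, target = _normalise(sub), _normalise(target)
        suffix = _provider_suffix(target)
        result = probe(target)
        if not result.resolves:
            reason = "NXDOMAIN on takeover-prone provider" if suffix else "NXDOMAIN on unknown target"
            findings.append(Finding(sub, target, reason))
            continue
        marker = FINGERPRINTS.get(suffix) if suffix else None
        if marker and marker in result.body:
            findings.append(Finding(sub, target, f"unclaimed resource fingerprint for {suffix}"))
    return findings


# Constructed sample zone and simulated probe results (not real hosts).
SAMPLE_CNAMES = {
    "app.example.com.": "app-prod.azurewebsites.net.",
    "old-docs.example.com": "old-docs.github.io",
    "assets.example.com": "assets-example.s3.amazonaws.com",
    "legacy.example.com": "legacy-box.hosting-partner.example.net",
    "www.example.com": "example.com",
}

SAMPLE_PROBES = {
    "app-prod.azurewebsites.net": Probe(True, "<html>welcome</html>"),
    "old-docs.github.io": Probe(True, "404 There isn't a GitHub Pages site here."),
    "assets-example.s3.amazonaws.com": Probe(True, "<Code>NoSuchBucket</Code>"),
    "legacy-box.hosting-partner.example.net": Probe(False),
    "example.com": Probe(True, "<html>home</html>"),
}


def sample_probe(target: str) -> Probe:
    # Anything not in the table is treated as NXDOMAIN.
    return SAMPLE_PROBES.get(target, Probe(False))


def run_sample() -> List[Finding]:
    return find_dangling(SAMPLE_CNAMES, sample_probe)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.subdomain} -> {f.target}: {f.reason}")
```

The point of probing over HTTP as well as DNS is that some providers (S3 is the usual example) keep resolving the hostname after the resource is gone, so a resolution-only check would report the alias as healthy; the fingerprint is what tells you the name is claimable. Conversely an NXDOMAIN alias to a provider you do not recognise is still worth removing, because the only thing stopping a takeover is whether someone can register that target.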
In February 2023, we completed a web application security assessment for a new client within the legal field. What followed was a series of hurdles, followed by jumps and yet more hurdles, to eventually end up with a full working attack chain and LFI.
In almost every web application penetration test there is at least one TLS / SSL related issue. Typically these are reported with a Low CVSS score, or sometimes creep into a Medium, depending on the application and its uses. We wanted to provide an informative article highlighting
ImageMagick is one of those really powerful libraries that always gets mentioned in regards to anything to do with image processing. Sure enough, it’s a case of doing “apt install” and installing the relevant library in whatever programming language is being used. And away you go, you now have support
In December 2022, we completed a web application security assessment for a client who wanted assurance that their newly developed application was ready for production. The application allowed users to upload documents, rename files, create directories – basically acting as a web based file explorer. As a penetration tester, file
In November 2022, we completed a web application security assessment for a new client within the health / wellbeing sector. We were told through previous discussions, that the web application had both standard user accounts for everyday use and administrator accounts for backend administration. As is fairly standard with these
When it comes to writing custom tooling for engagements, the motivations associated with it often vary. At a high level, as a consultancy, having the capabilities to produce allows us to offer a niche but more realistic engagement. We can emulate the adversaries who target similar businesses in the same
Multi-Factor Authentication (MFA) has been widely adopted over the years as a means to enhance the security of authentication processes for all sorts of systems. It has somewhat become a must-have security control in order for organisations to claim that their systems have a withstanding security posture. This is especially
In October 2022, we completed an internal security assessment for a large tech organisation with clients in the legal industry, focused around the handling of sensitive documents for other companies. The scope was focused on their “user network” – which hosted their active directory domain which all of their workstations
In September 2022, we completed an internal security assessment for a large client in the tech industry. The scope was enormous – about 20,000 hosts in scope split over eight different countries. Of these 20,000 hosts, there were approximately 50 Windows machines in a single domain. Our scenario assumed a
In August 2022, we completed a web application penetration test for a relatively new client. The scope was a pre-existing web application that allowed users to manage their calendars, plan events, upload documents and manage their accounts. The application had been tested by a previous penetration testing supplier and received