Our Blog
Welcome to our blog, here you will find everything from technical CVE writeups, Cyber Essentials guidance and war-stories of real life engagements.
- NEW
In this post, we’ll shed some light on insecure PRNG vulnerabilities and walk through a real-world example of how such...
In this post, we’ll shed some light on insecure PRNG vulnerabilities and walk through a real-world example of how such...
Learn about HTTP cookies, how they are used and how they can be used to secure web traffic. This blog...
Learn about how HSTS protects users against a variety of threats. We will discuss the use cases for HSTS, how...
Cyber Essentials is a baseline security certification scheme that shows participating organisations are taking measures to protect against common cyber...
Conti, Ryuk, and REvil are three of the most well-known and notorious ransomware groups that have caused significant damage and...
Ransomware, a multifaceted cyber threat, is more complex and damaging than many realise. With diverse attack vectors and multiple profit...
Ransomware is a growing threat. It's undeniable and indiscriminate, looming over businesses of all sizes and industries. We take a...
June 2023 - We discuss and highlight how we bypassed one of the most heavily used 'zero trust' application whitelisting...
Password managers stand as an essential tool in the modern digital landscape. With the escalating number of online accounts, they...
May 2023 - In this edition, we highlight how a decommissioned application was not fully removed as expected, allowing us...
We discovered multiple high severity CVEs in Syncfusion's software and discuss the advantages and disadvantages of utilising third-party solutions in...
A good MSSP (Managed Security Service Provider) should be able to service all their clients cyber security needs to a...
In April 2023, we completed an internal infrastructure security assessment for a client in the financial sector. What we didnt...
March 2023 - With single sign-on becoming more common during our assessments, we cover one of the vulnerabilities we discovered...
Subdomain takeovers are where an attacker is able to abuse dangling DNS aliases for cloud services to host their own...
In February 2023, we completed a web application security assessment for a new client within the legal field. What followed...
Within almost 99% of web application penetration tests, there is usually at least one TLS / SSL related issue. Typically...
ImageMagick is one of those really powerful libraries that always gets mentioned in regards to anything to do with image...
In December 2022, we completed a web application security assessment for a client who wanted assurance that their newly developed...
In November 2022, we completed a web application security assessment for a new client within the health / wellbeing sector....
When it comes to writing custom tooling for engagements, the motivations associated with it often vary. At a high level,...
Multi-Factor Authentication (MFA) has been widely adopted over the years as a means to enhance the security of authentication processes...
In October 2022, we completed an internal security assessment for a large tech organisation with clients in the legal industry,...
In September 2022, we completed an internal security assessment for a large client in the tech industry. The scope was...
In August 2022, we completed a web application penetration test for a relatively new client. The scope was a pre-existing...
