Cyber Security News & Current Events

The Dangers of Outsourced Development (and the 'AntiHack' Function)

Posted by Eddie on 5/06/19 7:15 AM

 

Seen above is real source code we got access to in a recent web application penetration test by exploiting security vulnerabilities caused by poor secure coding practice. While inspecting the source code, we found an interesting function called ‘antiHack’, which appears to do nothing but return the inputted data verbatim.


Topics: Governance, Pentesting

Intro to Injection Vulnerabilities and the OWASP Top 10

Posted by Kristian on 9/04/19 7:15 AM

Overview

Injection vulnerabilities are the most common result of mixing user input with system control. An injection vulnerability can have catastrophic results for a system, potentially leading to a full database dump, and laying the groundwork for a remote shell. In layman's terms, this means an attacker controls the entire system and has access to all data.


Topics: Fundamentals, Pentesting, Authentication, Compromise

Hiding in plain sight: Preventing data exfiltration via DNS tunnelling

Posted by Eddie on 29/11/18 3:02 PM

As information security has become more important across organisations, so has the role of the information security leader. An information security leader in an organisation faces several recurring questions daily:


Topics: Insider, Pentesting, Red Teaming, Phishing

Top 5 Risks a Penetration Test Might Uncover

Posted by Eddie on 5/02/16 1:59 PM

As organisations continue to adopt advancements in information technology and work towards an interconnected world, malicious attackers have not fallen short. The cyber threat landscape has never been more intense, and cyber security has never been more important.


Topics: Pentesting, Red Teaming, Risk Assessment

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|
