TL;DR  Introduction   I’m a huge fan of micro generation and domestic power storage batteries. However, as we dash for net zero, one of the ways to balance the grid is to capitalise on EV batteries ...

Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovers a vulnerability in a ...

The events in Baltimore earlier this year brought maritime cybersecurity into the spotlight. Initial outlandish claims asserted that the MV Dali was certainly hacked, whilst others made the equally ...

I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...

As Red Teamers, we often find information in SharePoint that can be useful for us in later attacks. As part of this we regularly want to download copies of the file, or parts of their contents. In ...

Retail systems are designed for speed and convenience. That usually means lots of integration points, frequent change, and a long list of third parties that touch customer journeys. Attackers focus on ...

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...

Digital Forensics and Incident Response (DFIR) has a certain appeal to aspiring cybersecurity professionals. The mix of ‘CSI-style’ forensic investigations with the chaos and pressure of incident ...

AI is proving to be a useful companion for analysing data at scale for forensic examiners (data that is already publicly available if not privately hosted). This involves building an AI chatbot system ...

Unauthorised network access remains a significant threat, especially for organisations lacking robust network security controls. If an attacker infiltrates a building and connects their device to the ...

A tempting phish got lots of users to disclose their passwords, and a lack of training resulted in the victims accepting the Microsoft push-based multi-factor authentication. This resulted in gaining ...

A few weeks back we read a story on the BBC web site about a BBC employee seeing someone else’s video footage on the mobile app for their home security camera. It wasn’t clear how this happened, but ...