Pen Test Partners

You can pen test OT networks without breaking them

TL;DR  Introduction   There is a widely held belief that penetration testing Operational Technology networks is impossible.
Pen Test Partners

BSidesHBG 2026

Pwning web sites through their AI chatbot agents and politely breaking guard rails ...
pentestpartners.com

PTP Cyber Fest 2026

Built on five years of hands on, community led events, it has grown into something a bit different from the usual cyber event. More practical. More interactive. More time with the people doing the ...
pentestpartners.com

The unexpected effects of GPS spoofing on aviation safety

GPS is one service in the Global Navigation Satellite System (GNSS). Others include Russia’s GLONASS and the EU’s Galileo constellations. These are all used to provide Position, Navigation, and Timing ...
pentestpartners.com

Steal your Wi-Fi key from your doorbell? IoT WTF!

The Ring is a Wi-Fi doorbell that connects to your home Wi-Fi. It’s a really cool device that allows you to answer callers from your mobile phone, even when you’re not home. It’s one of the few IoT ...
pentestpartners.com

Fully segregated networks? Your dual-homed devices might disagree

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...
pentestpartners.com

SweetPotato – Service to SYSTEM

I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...
pentestpartners.com

How to load unsigned or fake-signed apps on iOS

In certain circumstances it can be challenging installing client applications for testing. Situations arise where the application could be provided unsigned or requires self-signing. As a result, the ...
pentestpartners.com

Making children’s toys swear

In our last toy related post we mentioned My Friend Cayla, here we’ll lift the lid on what we found. Cayla is effectively a bluetooth headset, dressed up as a doll. Yes, you can actually make phone ...
pentestpartners.com

Using AI Chatbots to examine leaked data

AI is proving to be a useful companion for analysing data at scale for forensic examiners (data that is already publicly available if not privately hosted). This involves building an AI chatbot system ...
pentestpartners.com

How can you protect your data, privacy, and finances if your phone gets lost or stolen?

The UK is witnessing a rise in phone thefts. This surge in criminal activity sees thieves brazenly snatching smartphones from unsuspecting pedestrians, often in broad daylight and crowded areas. In an ...
pentestpartners.com

eyeDisk. Hacking the unhackable. Again

Last year, about the time we were messing around with a virtually unheard-of hardware wallet we got a bit excited about the word “unhackable”. Long story short, I ended up supporting a selection of ...