TL;DR  Introduction   In my previous blog post, I wrote about finding your path into DFIR; how to get started, where to focus ...

Ken Munro will be presenting: Flirting with AI: Pwning web sites through their AI chatbot agents and politely breaking guard rails And Joining the closing Keynote Panel: The Quantum Horizon: Cyber ...

UK Office Pen Test Partners LLP, Unit 2, Verney Junction Business Park, Buckingham, MK18 2LB, United Kingdom +44 20 3095 0500 ...

TL;DR  Introduction   There is a widely held belief that penetration testing Operational Technology networks is impossible.

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...

Key relay attacks against keyless entry vehicles are well known. Many 3 rd party car alarm vendors market themselves as solutions to this. We have shown that fitting these alarms can make your vehicle ...

The Mitsubishi Outlander plug in hybrid electric vehicle (PHEV) is a big-selling family hybrid SUV. It has an electric range of up to 30 miles or so plus petrol range of another 250ish miles. We ...

CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, ...

Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovers a vulnerability in a ...

I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...

The ability to edit Group Policy Object (GPOs) from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what ...