News

TL;DR Why Discord appeals to attackers Discord has become an attractive tool for attackers not because it’s malicious, but ...
TL;DR What is CHECK, when should you use it, and why? CHECK is NCSC’s assurance scheme for penetration testing. It began as a way for government and critical systems to be tested safely, but any ...
We help keep money in the banks, planes in the sky, and the lights on.
Unit 2, Verney Junction Business Park, ...
A Live Demonstration of Vulnerability and Exploitation: Witness firsthand how an AI tool can be compromised in this revealing ...
Many organisations are turning to virtualisation of apps and desktops. This often involves virtualisation platforms such as Citrix to deliver these services. Get your configuration or lock-down wrong ...
LPC-NG or Less Paper Cockpit – Next Generation is an electronic flight bag (EFB) application offered by Navblue, a part of Airbus. It’s used for calculating engine thrust requirements (perf) on ...
Over the last year of looking at kids' GPS tracking watches we have found some staggering issues. With these devices it almost seems that having multiple security issues is the new normal. While ...
I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...
The CyberGhost VPN client suffers from an elevation of privilege vulnerability and is filed under CVE-2023-30237. A specially crafted JSON payload sent to the CyberGhost RPC service can lead to ...
SharePoint is a Microsoft platform that enables collaborative working and information sharing. This is done with team sites. They work like regular intranet pages with graphics and text, but they also ...
My first DEF CON talk was nerve-racking but something I would definitely put myself through again. In hindsight I should have submitted a 45-minute talk as there were some elements missing from what I ...