TL;DR Introduction There is a widely held belief that penetration testing Operational Technology networks is impossible.
TL;DR: What DORA is, who it affects, and what “good” looks like If you run a financial services business in the EU, or you provide tech to one, DORA (the Digital Operational Resilience Act) is now ...
Built on five years of hands-on, community-led events, it has grown into something a bit different from the usual cyber event. More practical. More interactive. More time with the people doing the ...
In our last toy-related post we mentioned My Friend Cayla; here we’ll lift the lid on what we found. Cayla is effectively a Bluetooth headset, dressed up as a doll. Yes, you can actually make phone ...
I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...
The Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) is a big-selling family hybrid SUV. It has an electric range of up to 30 miles or so plus petrol range of another 250ish miles. We ...
Kubernetes has changed the way we deploy and scale workloads. It’s powerful, flexible, and very good at hiding a lot of complexity. It is also very good at hiding security problems until someone ...
It’s more common than you might think to miss built-in defences. Windows has a lot of features that help keep your identity safe, make endpoints more secure, control what software can run, and make it ...
Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovering a vulnerability in a ...
If I had a penny for every time someone said to me “let’s measure our security culture by phishing our staff” I’d probably be able to fill my car up. It’s a really easy thing to do, you carry out some ...
The UK Cyber Security and Resilience Bill (CS&R) was announced last year in the King’s Speech. It addresses gaps in current regulation, like NIS, with a broader scope, enhanced incident reporting ...
Last year, about the time we were messing around with a virtually unheard-of hardware wallet we got a bit excited about the word “unhackable”. Long story short, I ended up supporting a selection of ...