TL;DR  Introduction   There is a widely held belief that penetration testing Operational Technology networks is impossible.

Built on five years of hands on, community led events, it has grown into something a bit different from the usual cyber event. More practical. More interactive. More time with the people doing the ...

TL;DR:  What DORA is, who it affects, and what “good” looks like  If you run a financial services business in the EU, or you provide tech to one, DORA (the Digital Operational Resilience Act) is now ...

As Red Teamers, we often find information in SharePoint that can be useful for us in later attacks. As part of this we regularly want to download copies of the file, or parts of their contents. In ...

Key relay attacks against keyless entry vehicles are well known. Many 3 rd party car alarm vendors market themselves as solutions to this. We have shown that fitting these alarms can make your vehicle ...

When researching lateral movement techniques I came across a post from Raphael Mudge (of Cobalt Strike fame). He details scripting an Aggressor Script for Matt Nelson’s MMC20.Application Lateral ...

In our last toy related post we mentioned My Friend Cayla, here we’ll lift the lid on what we found. Cayla is effectively a bluetooth headset, dressed up as a doll. Yes, you can actually make phone ...

The ability to edit Group Policy Object (GPOs) from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what ...

I stumbled into infosec the same year the NSA graced us with Ghidra. It’s by far become the most used tool in my arsenal for reverse engineering and vulnerability research. It’s free, extensible, and ...

GPS is one service in the Global Navigation Satellite System (GNSS). Others include Russia’s GLONASS and the EU’s Galileo constellations. These are all used to provide Position, Navigation, and Timing ...

We’ve seen an increase in multi-stage Adversary in the Middle (AiTM) phishing BEC in M365. These usually originate from a compromised trusted party, and lead to a series of AiTM attacks and follow-on ...

The Mitsubishi Outlander plug in hybrid electric vehicle (PHEV) is a big-selling family hybrid SUV. It has an electric range of up to 30 miles or so plus petrol range of another 250ish miles. We ...