TL;DR Why Discord appeals to attackers Discord has become an attractive tool for attackers not because it’s malicious, but ...

Join Spencer Kelly and Ken Munro for a special Cybersecurity Awareness Month briefing on the biggest threats facing ...

In part one we started hacking Bluetooth and made a little £2 key-finder beep using only Android and Linux. If you haven’t read that post, I would recommend it as a primer to the devices, BLE and what ...

Use Linux and a Bluetooth adapter card—this could be a built-in or cheap USB dongle. It’s probably FREE to most practicing hackers. Remember that Raspberry Pi 3 (or newer) sitting in your drawer?

On a Red Team engagement we entered a busy multicloud estate. AWS, GCP and Azure were all used, with Terraform Cloud orchestrating every change. That brings speed and consistency, but it also ...

I’ve been advising on cyber risk in the insurance sector for over a decade. It still surprises me how many proposal forms include questions that offer very little insight into the actual risk being ...

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...

In certain circumstances it can be challenging installing client applications for testing. Situations arise where the application could be provided unsigned or requires self-signing. As a result, the ...

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...

As Red Teamers, we often find information in SharePoint that can be useful for us in later attacks. As part of this we regularly want to download copies of the file, or parts of their contents. In ...

In digital forensic investigations involving suspected data exfiltration, the analysis of unallocated space plays a critical role. Unallocated space refers to portions of a storage device that are not ...

The aviation industry realised some time ago that taking a standard approach to the cyber security of its products was needed and that this was a specialist discipline. A family of documents was ...