Always-On Security Testing
AkimboCore are a cybersecurity testing company with an aim:
To work hard on the interesting problems
and to automate the boring ones.
We find security flaws in systems by combining penetration testing activities and bespoke automation. Our goal is to be more effective than vulnerability scanning and more efficient than penetration testing.
We deliver this through an online platform which makes monitoring, managing, and halting security testing easy.
We offer a range of cybersecurity services to help keep your organisation safe:
We've developed an online security testing platform that finds security issues in your systemsLearn More
We deliver security training on topics such as building more secure web applications to security awareness.Learn More
AkimboCore offer a range of security testing services, from traditional penetration testing to modern approachs such as always-on security testing. We find vulnerabilities in your systems and guide you through the process of making them more secure.
Always-on Security Testing - Our A-oST service combines manual penetration testing with bespoke application-specific automation, to provide a continuous assessment of your organisation risk. We aim to be more efficient that traditional penetration testing and more effective than simple vulnerability scanning.
Penetration Testing - If you just need a one-off security assessment, then penetration testing will deliver that. We determine your organisation's real-world risk using a manual approach and verify risks to eliminate false positives.
The AkimboCore team regularly run hands-on security and penetration testing courses across the UK. With labs to allow you to get practical experience breaking security systems, before teaching you how to build the systems in a more resilient way.
Building and Breaking: Infrastructure - Learn how to compromise and secure network infrastructure. From zero access to Domain Administrator. Ideal for system administrators, IT helpdesk staff, or those looking for an introduction into ethical hacking and penetration testing.
Building and Breaking: Web Applications - Learn how to compromise web applications and APIs with penetration testing techniques; with hands-on labs covering the OWASP Top 10 and more. Ideal for software developers who build things for the web, or those looking for an introduction into web application penetration testing.
Security Awareness Training - We show your staff how we compromise systems as part of our day-job, and how they can stay safe. Ideal for non-technical staff members who need a broad overview of working securely.
Sometimes you don't need a neat packaged-service, but you just need some help with a project, we offer cybersecurity consultancy which can offer just that.
Security Consultancy - Want some help creating, developing, or implementing a security action plan? Want a review of your cybersecurity stance? Or just want to talk to an expert? Our team offer cybersecurity consultancy which could help you out.
Information Security Articles
We offer articles running through common and serious vulnerabilities within networked systems. We release security content on a range of topics, such as web applications, networks, and wireless.
LLMNR and NetBIOS-NS Spoofing with Responder
Published on 12 April 2020
Link-Local Multicast Name Resolution (LLMNR) and NetBIOS-Name Service (NBT-NS) are name resolution protocols that are enabled by default on Windows machines. They’re both used as a fallback for DNS. If a machine requests a hostname, such as when attempting to connect to a file-share, and the DNS server doesn’t have an answer – either because the DNS server is temporarily unavailable or the hostname was incorrectly typed – then an LLMNR request will be sent, followed by an NBT request. LLMNR is a multicast protocol and NBT-NS is a broadcast protocol.
Therefore, an attack can take place where an attacker responds to these requests with illegitimate requests. For example, directing the requesting user to connect to the attacker's machine where an authentication attempt will be made – disclosing hashed credentials for the targeted user.Read More...
PrivEsc: Extracting Passwords with Mimikatz
Published on 08 April 2020
We recently published an article on using Incognito for privilege escalation as part of a short series on using Metasploit. In this article we’ll cover an alternative approach for privilege escalation – extracting plaintext credentials. Whilst incognito is generally easier to use, Mimikatz is powerful and flexible.Read More...
Published on 06 April 2020
Metasploit is an exploitation framework. It’s a core tool of the penetration tester’s toolset and we use it for several of our vulnerability demonstrations, so it makes sense to write a quick “introduction to” for Metasploit. We’re going to look at the module system, navigating around, setting variables and running payloads.Read More...
PrivEsc: Token Impersonation with Incognito
Published on 06 April 2020
Incognito is a tool which can be used for privilege escalation, typically from Local Administrator to Domain Administrator. It achieves this by allowing for token impersonation. As a local administrator can read the entirety of memory, if a domain administrator is logged in their authentication token can be stolen. We'll investigate its use here.Read More...
Network Mapping with Nmap
Published on 03 April 2020
Before being able to determine if systems are vulnerable, it’s critical to first find as many active systems within the scope as possible and to accurately determine what services those systems expose. A common tool for use in network mapping is Nmap.Read More...
Content Security Policy
Published on 18 March 2020
In our post on Finding and Fixing Cross-site Scripting, we recommended the use of Content Security Policy (CSP) to mitigate the effects of this vulnerability. It does this by allowing you to set up an allow list of resource locations (such as scripts) for your web pages, and therefore inform the browser to block any scripts that do not come from an authorised source. The problem is, you have to set up an allow list of resource locations, or the resource will be blocked.Read More...
Articles grouped by category
Articles concentrating on network and operating system level attacks.
Articles covering attacks against web applications and their associated APIS.
Articles concentrating on past data breaches, looking for lessons learned.
Articles covering breaking into wireless networks and how to keep them safe.