Articles

Breach Summary Target were breached in 2013. The story was initially broken by Brian Krebs in a post published on 18 December 2013 and titled “Sources: Target investigating Data Breach”[1]. This was followed up by a statement from Target announcing the breach on 19 December[16]. The target confirmation stated the ...

Breach Summary TalkTalk suffered a series of security issues in 2015. Right from the start of the year people were discussing an increased number of scam calls[1]. On 26 February 2015 TalkTalk emailed customers to inform them of a data breach in which account numbers, addresses, and phone numbers were ...

Content Security Policy (CSP) allows the application to restrict the location of resources to an allow-list of approved locations, including where scripts can be loaded from and when the application may be framed. This can therefore mitigate reflected and stored cross-site scripting attacks as well as issues such as Clickjacking. ...

Breaking into Penetration Testing can be a daunting career move; so in this article we talked about ways you can make your first move towards a career in this industry. To be clear, this isn’t a definitive guide to the industry – it’s just our opinion on what has worked ...

During Penetration Tests, a common late-stage activity is to compromise the Domain Controller and extract all account password hashes. This would allow for password cracking to be performed across all domain accounts and therefore any accounts with weak password to be efficiently highlighted. We previously covered how to perform incredibly ...

Hosting web application content such as dynamic scripts and stylesheets on third parties such as Content Delivery Networks (CDNs) can allow for significant improvements to site performance and can reduce bandwidth costs. However, scripts included within a web application will execute within the user’s browser with the same privileges as ...

Got a path/directory traversal or file disclosure vulnerability on a Linux-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know! The list included below contains absolute file paths, remember if you have a traversal ...

Got a path/directory traversal or file disclosure vulnerability on a Windows-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know! The list included below contains absolute file paths, remember if you have a traversal ...

So it’s 10:30pm on a Sunday and the wonderful Jake Davis has asked me to give my thoughts on the ludicrous movie that is “Hackers” (1995). It’s been years since I watched it, so I broke out the popcorn… “Hackers” is a movie that I hold fondly in my heart ...

LulzSec were an international hacking crew and today marks 5 years since the end of their most well-known campaign: the “50 Days of Lulz”. They were a hacking crew spread across the planet taking down websites for the lulz. The members were Sabu, Pwnsauce, Tflow, Topiary, Kayla, Avunit, Viral, and ...

Group Policy Preferences (GPP) was an addition to Group Policy to extend its capabilities to, among other things, allow an administrator to configure: local administrator accounts (including their name and password), services or schedule tasks (including credentials to run as), and mount network drives when a user logs in (including ...