Pen Test Partners

We have been delivering cybersecurity expertise to a wide variety of industries and businesses since 2010

Pen Test Partners PTP@infosec.exchange
2025-12-04

We often find built-in Windows defences disabled or misconfigured during assessments. Those same controls can help stop credential theft, boot-level malware, and memory attacks when properly configured.

In our latest blog post, Nicole walks through five Windows security features you should be using, explains what they do, why they matter, and how to check them on your systems.

📌pentestpartners.com/security-b

#windowssecurity #incidentresponse #endpointsecurity #cybersecurity #dfir

Pen Test Partners PTP@infosec.exchange
2025-11-27

Android app testers and security engineers spend a lot of time dealing with Activities. The attack surface may look small, but poorly configured Activities can expose data or let other apps do things they shouldn't. In this blog post, David Lodge explains how exported and debug Activities, weak WebView settings, and missing window security flags can pose security concerns.

📌 pentestpartners.com/security-b

#androidsecurity #cybersecurity #appsec #mobile #pentesting #infosec #securitytesting

Pen Test Partners PTP@infosec.exchange
2025-11-25

Cloud compliance dashboards, CNAPP, and CSPM can all show green, but they don't show your entire attack surface.

The issue is not with the dashboards, but with the blind spots that lie outside their view, such as leaked developer personal access tokens or overprivileged pipelines that do not appear as non-compliant.

In this blog post, Joe Durbin looks at those gaps around tokens, pipelines, and third-party build services. He explains how human-led configuration reviews and custom threat actor simulations work alongside provider tools to show and test your actual attack surface.

📌pentestpartners.com/security-b

#cloudsecurity #cloudnative #devsecops #cnapp #cspm #cybersecurity

Pen Test Partners PTP@infosec.exchange
2025-11-18

Misconfigured Kubernetes clusters are still one of the easiest ways attackers get in.

In this blog post, Craig Dowey breaks down the common Kubernetes misconfigurations we see in testing and shows how to lock down access, harden workloads, and enforce pod security admission across namespaces.

📌 Read here: pentestpartners.com/security-b

#kubernetes #cloudsecurity #devsecops #containers #cybersecurity

Pen Test Partners PTP@infosec.exchange
2025-11-13

The real-time yield data from connected farm machinery could give attackers an early look at crop outputs before the market does, creating opportunities to manipulate or profit from commodity futures.

Such an attack is a real risk due to the various weaknesses in on-vehicle hardware, telematics units, and ag cloud APIs. Securing these systems will protect both farmers and the markets.

📌Read the blog post here: pentestpartners.com/security-b

#cybersecurity #agtech #iotsecurity #marketabuse #pentesting #connecteddevices

Pen Test Partners PTP@infosec.exchange
2025-11-11

Finding your path into DFIR can be tough, but the community makes all the difference.

Our Joseph Williams shares his journey into Digital Forensics and Incident Response, with practical guidance for anyone looking to follow a similar route.

📌Read here to start your journey: pentestpartners.com/security-b

#DFIR #DigitalForensics #IncidentResponse #CyberSecurity #InfoSec #CareerDevelopment

Pen Test Partners PTP@infosec.exchange
2025-11-04

The bar for CHECK testers is higher now. Charterships, tighter reporting reviews, and further guidance are now written into the scheme.

In this blog post, Lewis Cradduck explains what the new requirements mean for CHECK team leaders and members, how UK Cyber Security Council titles map to roles, and what changes NCSC has made in the scheme.

📌Read here: pentestpartners.com/security-b

#CHECK #NCSC #penetrationtesting #cybersecurity #UKCSC #Chartership

Pen Test Partners PTP@infosec.exchange
2025-10-23

Exposing your home lab to the internet can open a path into your personal accounts and even your work assets.

In our latest blog post, Morgan Davis shows how to cut that risk with low-cost controls you can apply today, no enterprise tools needed. It teaches security thinking to help you reduce your attack surface and more.

📌 Read the guide here: pentestpartners.com/security-b

#cybersecurity #homelab #selfhosting #dockersecurity #linuxsecurity #infosec

Pen Test Partners PTP@infosec.exchange
2025-10-21

Payroll diversion scams are still catching people out.

Attackers use LinkedIn to find out who works in payroll, and then they send convincing emails asking to change salary payment details. One forwarded message is all it takes for the fraud to seem real.

Our latest blog post by Dave Wardle explains how these scams work, the internal controls that stop them, and the LinkedIn privacy settings that make you harder to target.

📌Read here: pentestpartners.com/security-b

#cybersecurity #socialengineering #phishing #payroll #fraudprevention #infosec

Pen Test Partners PTP@infosec.exchange
2025-10-17

When a breach occurs, it’s too late to wish you’d configured your logs...

Incident responders can only work with what’s there. Our latest blog post, written by Nicole, breaks down which logs provide the best chance of understanding what really happened and how to configure them before you need them, so you can get back to business as usual swiftly.

📌Read here: pentestpartners.com/security-b

#cybersecurity #incidentresponse #digitalforensics #sysmon #windowssecurity #infosec

Pen Test Partners PTP@infosec.exchange
2025-10-14

Need Nmap in a locked-down container? Build it yourself... safely.

Ever tried running Nmap in a hardened environment only to hit missing libraries? Downloading random static binaries from the internet is a risky endeavour.

Our Gabriel Garcia Teran walks through building your own Nmap, and has made a Go interactive tool that lets you select flags and versions, then generates and runs the full build command.

No black-box downloads!

📌 Read here: pentestpartners.com/security-b

#cybersecurity #nmap #redteam #containersecurity #infosec #devsecops

Pen Test Partners PTP@infosec.exchange
2025-10-02

Honeypots, when set up correctly, can become sensors that reveal attacker behavior. Add that with Suricata's rules and tuning, and they can provide clear, named alerts that cut away the noise.

Our Luke Davis set up a T-Pot with Suricata for 3 days, and it flagged probes for OpenSSH “regreSSHion” (CVE-2024-6387) and Treck TCP/IP (CVE-2020-11910), as well as highlighting cloud IP scanning.

Honeypots can be great as an early detection method and a hands-on training tool for students, SOC analysts, and Blue Teams to practise detection and response in safe environments.

📌Read the full blog here: pentestpartners.com/security-b

#CyberSecurity #Honeypots #Suricata #ThreatDetection #BlueTeam

Pen Test Partners PTP@infosec.exchange
2025-09-16

Attackers abuse Discord webhooks for lightweight C2, but what does the cache leave behind?

In our latest blog post, Joseph Williams shows that a simple PowerShell beacon can send files and exfiltrate data to a Discord channel.

But what's in the cache? Attachments, thumbnails, and webhook URLs?

We have released a Discord Forensic Suite with a CLI parser and a GUI tool. It builds HTML and CSV timelines to reconstruct Discord activity after messages and files are deleted.

📌 Read here: pentestpartners.com/security-b

#DFIR #DFIRTools #DigitalForensics #DiscordSecurity #WebhookAbuse #C2 #Cybersecurity

Pen Test Partners PTP@infosec.exchange
2025-09-04

In the final part of the Bluetooth hacking series, Sam Thom pulls it all together with his go-to BLE kit...

A Sniffle dongle and a Nordic dev kit give you everything you need to capture, interact, and even script Bluetooth traffic. The Nordic kit also runs an interactive Bluetooth shell, making it easier to learn and experiment.

📌Start hacking BLE here: pentestpartners.com/security-b

#Bluetooth #BLE #HardwareHacking #CyberSecurity #PenTesting #IoT

Pen Test Partners PTP@infosec.exchange
2025-09-02

Broadcast receivers handle system events like boot, charging, or headset plug-ins, but they also come with risks if misconfigured.

In this blog post, David Lodge explains how broadcast receivers work and how to enumerate an app’s receivers...

📌pentestpartners.com/security-b

#CyberSecurity #AndroidSecurity #MobileSecurity #AppSec #ReverseEngineering #PenTesting

Pen Test Partners PTP@infosec.exchange
2025-08-27

Ready to take Bluetooth Low Energy hacking a step further?

In part two, Sam Thom moves on from the free Android/Linux setup and brings in budget hardware. A £20 Sonoff dongle for sniffing. A £10 Nordic nRF52 for control.

With Sniffle and Wireshark, you can capture traffic. With nRFConnect, you can write to characteristics and make devices beep on command. It’s a cheap but powerful setup before we move on to advanced tools in the next post.

📌 pentestpartners.com/security-b

#BLEHacking #Bluetooth #BLE #HardwareHacking #CyberSecurity #PenTesting #Wireshark

Pen Test Partners PTP@infosec.exchange
2025-08-21

Want to try Bluetooth Low Energy hacking but not sure where to begin?

This is the first post in a three-part series where Sam Thom takes a £2 key-finder tag and makes it beep by capturing and replaying its BLE traffic with free tools. It’s a simple, practical way to see how GATT, handles, and characteristics work without investing in expensive gear.

If you’ve been meaning to get into BLE, this is an easy starting point that sets you up for the more advanced tools and techniques we’ll cover in the series.

📌pentestpartners.com/security-b

#Bluetooth #BLE #HardwareHacking #CyberSecurity #PenTesting #Wireshark

Pen Test Partners PTP@infosec.exchange
2025-08-15

Speculative plans in Terraform Cloud can open an attack path.🚨

On a Red Team engagement, we compromised a Terraform token with plan permissions. By adding a custom external data source, we ran code on the Terraform Cloud runner.

That exposed short-lived AWS and GCP credentials, letting us work outside the version control workflow.

Even VCS-backed workspaces do not stop this. The runner still holds the keys during a plan — and that is the risk.

Jack McBride explains the technique and how tighter token scopes and Sentinel allow lists can prevent it.

📌 pentestpartners.com/security-b

#CloudSecurity #RedTeam #Terraform #CyberSecurity #DevSecOps #AWS #GCP

Pen Test Partners PTP@infosec.exchange
2025-08-05

You’re security testing AWS infrastructure. You’ve done the work and need to exfiltrate the evidence files. But there's no internet access and no inbound ports... 🤔

Here’s how to use AWS Services Systems Manager (SSM) to create a port forwarding session, access what you need, and securely exfiltrate data with a simple Python web server.

📌 Read the blog post here: pentestpartners.com/security-b

#AWS #CloudSecurity #PenTesting #CyberSecurity #SSM #Infosec #Python #RedTeam

Pen Test Partners PTP@infosec.exchange
2025-07-31

Deleted a folder? Shellbags is the accessory you need...

They’re one of the most valuable forensic artifacts for tracing user activity in Windows, even if the folders are gone.

This blog post by our Joseph Williams walks through how Shellbags work, how to analyse them with tools like ShellBags Explorer, and what they reveal about user navigation through local, external, and network locations.

If you're in DFIR, this is one artifact you don't want to miss.

📌 Read the blog: pentestpartners.com/security-b

#DFIR #DigitalForensics #WindowsForensics #IncidentResponse #Shellbags #CyberSecurity #ForensicAnalysis
