Pen Test Partners

We have been delivering cybersecurity expertise to a wide variety of industries and businesses since 2010

Pen Test Partners PTP@infosec.exchange
2025-07-11

A critical vulnerability in old Telerik software gave an attacker remote code execution on an SFTP-only Windows server. That meant they didn’t need credentials, antivirus didn’t trigger, and default log sizes meant almost nothing useful was captured.

From there? PowerShell exclusions, admin account created, RDP tunnelled in via Ngrok, ransomware deployed.

They even opened Pornhub either to cover traffic or celebrate the moment. Who knows?

This attack wasn’t subtle. But it worked because basic controls were missing.

We’ve broken down the incident. Plus, recommendations you can act on now to prevent the same thing.

📌pentestpartners.com/security-b

#CyberSecurity #IncidentResponse #Ransomware #ThreatDetection #DigitalForensics #InfoSec

Pen Test Partners PTP@infosec.exchange
2025-07-08

Weak or compromised passwords are still one of the most common ways attackers get into an organisation’s network.
 
That’s why running password audits in Active Directory is so important. But smaller companies often don’t have the time, budget, or resources to do them regularly.
 
Our latest blog post gives you a step-by-step guide to run a proper password audit using free tools available online.
 
📌Read here: pentestpartners.com/security-b
 
Why do audits and training matter?
 
Without regular audits to spot gaps, and proper staff training on how to create strong, secure passwords, breaches can and do happen. Technical tools alone won’t stop them.
 
In most cases, the weakest part of the system isn’t the technology, it’s the people using it. That’s why it is important to train users on how to set strong passwords, which can then be audited.

#PasswordSecurity #ActiveDirectory #CyberSecurity #AuditTools #SecurityAwareness #InfoSec

Pen Test Partners PTP@infosec.exchange
2025-06-26

We turned a car into a Mario Kart controller! 🏎️🎮
 
At PTP Cyber Fest, attendees used the steering wheel, pedals, and brakes of a real Renault Clio to play SuperTuxKart.
 
We tapped into the CAN bus with cheap wire splicers.
 
Mapped the signals using Python.
 
We even wrote our own state machine to make it all work.
 
Sure, it was a bit impractical. We had to remove the wing mirrors to fit it inside the building, deal with dodgy electrics, and babysit the car battery.
 
Next year, we might try something a bit more portable.
 
📌Read how we did it here: pentestpartners.com/security-b
 
#CyberSecurity #AutomotiveSecurity #CANbus #HackThePlanet #PenTesting #Python #Infosec #PTPCyberFest2025

Pen Test Partners PTP@infosec.exchange
2025-06-23

A strict-looking content security policy isn’t always a secure one.

During a recent engagement, we came across a policy that had all the right bits on paper including nonces, locked-down sources, and everything you'd expect.

But one missing directive "base-uri" was all it took to break it wide open.

By injecting a <base> tag, we redirected script loading to an attacker-controlled domain. XSS payload delivered. CSP bypassed.

CSPs need more than checkboxes. They need context, testing, and attention to the small stuff.

📌Here’s what went wrong and how to avoid it: pentestpartners.com/security-b

#CyberSecurity #AppSec #CSP #WebSecurity #PenTesting #XSS
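
An added example (not part of the original post or the Pen Test Partners blog): a small Python audit that flags a policy with no `base-uri` and lists the nonced scripts whose relative `src` an injected `<base>` tag could rebase. The policy strings, page markup and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample policy and page markup, not taken from the engagement.
WEAK = "default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'"
FIXED = WEAK + "; base-uri 'none'"
PAGE = ('<script nonce="r4nd0m" src="/static/app.js"></script>'
        '<script nonce="r4nd0m" src="https://cdn.example/lib.js"></script>')

def parse_csp(header):
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = tokens[1:]
    return policy

class _RelativeNoncedScripts(HTMLParser):
    """Collect src values of nonced <script> tags that resolve against <base>."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        src = attr.get("src")
        if tag == "script" and "nonce" in attr and src:
            url = urlparse(src)
            if not url.scheme and not url.netloc:  # path-only URL, host comes from base
                self.hits.append(src)

def audit_base_uri(header, html=""):
    """Return findings about base-uri for one policy and, optionally, one page."""
    policy = parse_csp(header)
    findings = []
    script_src = policy.get("script-src", policy.get("default-src", []))
    uses_nonce = any(s.lower().startswith("'nonce-") for s in script_src)
    base = policy.get("base-uri")  # base-uri does not fall back to default-src
    if base is None:
        findings.append("base-uri missing: <base> href is unrestricted")
    elif any(s == "*" or s.endswith(":") for s in base):
        findings.append("base-uri too broad: " + " ".join(base))
    if findings and uses_nonce:
        scanner = _RelativeNoncedScripts()
        scanner.feed(html)
        findings += ["nonced script with relative src can be rebased: " + s
                     for s in scanner.hits]
    return findings
```

Setting `base-uri 'none'` (or `'self'` where the page needs a `<base>` element) clears both findings for the sample page.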

Pen Test Partners PTP@infosec.exchange
2025-06-13

Missed PTP Cyber Fest 2025? Here’s what happened…

It was two days of hands-on activities, conversations, and an incredible effort that raised over £27,000 for NSPCC with Cyber House Party! 🎉

📌We’ve wrapped up the highlights here: pentestpartners.com/security-b

A huge thank you to everyone who joined us!

The speakers, the volunteers, our partners RiverSafe Ltd, Retail & Hospitality ISAC, Auto-ISAC, Aviation ISAC, and every attendee who got stuck in and helped shape the event into something truly special.

#CyberFest2025 #CyberSecurity #InfosecCommunity #CyberHouseParty

Pen Test Partners PTP@infosec.exchange
2025-06-10

Relying on dual-homed devices to separate your networks? You might be opening the door to attackers without realising it. 🖥️
 
During a recent OT and ICS assessment, what looked like strong segmentation on paper actually created hidden pathways across their networks.
 
We found that dual-homed devices, combined with outdated firmware, default passwords, and exposed services, allowed bridging between different networks (often of varying trust levels).
 
This is a reminder that dual-homed devices are not a safe shortcut for proper network design.
 
You can read the full breakdown here: pentestpartners.com/security-b
 
#CyberSecurity #OTSecurity #ICS #CriticalInfrastructure #NetworkSecurity #NetworkSegregation 

Pen Test Partners PTP@infosec.exchange
2025-05-30

🚫 No fire detection means no going to sea.
If you're running the Consilium Safety CS5000 fire panel on board, hardcoded credentials could let an attacker shut it down remotely.
 
As a result, if the system is taken offline, your vessel could be detained, lose its class certification, or be prevented from sailing altogether.
 
There is no patch available. The vendor has stated they won’t fix the issue unless cybersecurity was part of your original contract.
 
If your panel was installed before July 2024, it likely wasn’t designed with modern cybersecurity in mind.
 
Andrew Tierney explains how we discovered the vulnerability, its implications for operators, and the steps you can take to mitigate the risk.
 
📌 Read here: pentestpartners.com/security-b
 
#MaritimeCyberSecurity #VulnerabilityResearch #OTSecurity #FireDetection #CyberRisk

Pen Test Partners PTP@infosec.exchange
2025-05-28

Installing unsigned or fake-signed iOS apps for testing without a Mac, Xcode, or access to proper signing tools can be a challenge.

Since iOS normally relies on the App Store to handle signing, getting apps onto a device manually isn’t always straightforward.

In our latest blog, we break down the main approaches to sideloading using tweaks on jailbroken devices, sideloading platforms like AltStore and Sideloadly, and on-device tools like TrollStore.

Whether your device is jailbroken or not, you’ll find a method that works.

📌Read here: pentestpartners.com/security-b

#iOSSecurity #MobileAppTesting #Sideloading #CyberSecurity #infosec

Pen Test Partners PTP@infosec.exchange
2025-05-20

Our Red Team found multiple ways to get around SharePoint’s “Restricted View” and exfiltrate data. Here's how...
 
Jack walks through Red Team methods using OCR and screenshots, Copilot, browser tricks, and HTML scraping to keep and collect data.
 
No matter the file type (TXT, PPTX, XLSX), there's a way...
 
📌Read here: pentestpartners.com/security-b
 
If you’re relying on “Restricted View” to protect sensitive data, it’s time to rethink.
 
#redteam #cybersecurity #infosec #sharepoint #microsoft365 #datasecurity #restrictedview #copilot

Pen Test Partners PTP@infosec.exchange
2025-05-16

🖥️ VNC might be convenient for legacy systems, but it's just as convenient for attackers...
 
Unencrypted traffic makes it easy to intercept credentials. Some setups don’t require a password at all. And even when passwords are used, they’re often weakly stored and easily cracked.
 
Attackers might not even need to log in, just sniff the traffic and capture screens or keystrokes without being noticed.
 
To prove the point, our Kieran built a Python script (VncCrack.py) that cracks VNC passwords in plaintext using intercepted traffic.
 
📌Check it out in action in our latest blog post: pentestpartners.com/security-b

#CyberSecurity #PenTesting #VNC #LegacySecurity #DFIR #NetworkSecurity #CredentialTheft

Pen Test Partners PTP@infosec.exchange
2025-05-08

We found unauthenticated remote code execution on an industrial PLC without ever touching the hardware.
 
By unpacking publicly available firmware for the KUNBUS Revolution Pi, our Adam Bromiley discovered four vulnerabilities. Two of them allowed RCE with no authentication required.
 
We dug into a misconfigured Node-RED instance, bypassed authentication in PiCtory, and chained bugs together to gain full control. This could affect safety-critical systems in the real world.
 
The upside? Disclosure was handled properly. KUNBUS and CISA coordinated the response well, and advisories and fixes for all four CVEs are now live.
 
📌Get the full breakdown and links to the advisories here: pentestpartners.com/security-b

#ICS #PLC #CyberSecurity #RCE #OTSecurity

Pen Test Partners PTP@infosec.exchange
2025-05-07

Microsoft Copilot for SharePoint just made recon a whole lot easier. 🚨
 
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
 
It opened the door to credentials, internal docs, and more.
 
All without triggering access logs or alerts.
 
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
 
That’s a problem.
 
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
 
📌Read it here: pentestpartners.com/security-b

#RedTeam #OffSec #AIsecurity #Microsoft365 #SharePoint #MicrosoftCopilot #InfoSec #CloudSecurity

Pen Test Partners PTP@infosec.exchange
2025-04-23

Even when a file looks like it is gone… It might not be.

Unallocated space can contain a wide range of interesting and potentially crucial artefacts that are no longer visible in the active file system but still reside on the disk.

If a user tries to cover their tracks, this “empty” space often holds the truth.

Using PhotoRec, our Luke Davis breaks down how to recover this data to retrieve lost files, then how to analyse this data effectively to reveal evidence of tampering, deletion and more.

Read the blog post here: pentestpartners.com/security-b

#DigitalForensics #CyberSecurity #IncidentResponse #DFIR

Pen Test Partners PTP@infosec.exchange
2025-03-31

Released by Intel in 1998, IPMI is a hardware management interface operating independently of the OS. Our latest blog post by Kieran looks at INTEL IPMI vulnerabilities and how to mitigate them.

Vulnerabilities include authentication bypasses, credential leaks, and buffer overflows, particularly in Supermicro systems.

➡️pentestpartners.com/security-b

#IPMI #CyberSecurity #BMCsecurity #Supermicro #VulnerabilityManagement #FirmwareSecurity

Pen Test Partners PTP@infosec.exchange
2025-03-14

Our Warren Houghton is back at it again with Nerding Out with Viktor. Warren shares fascinating insights into how he successfully infiltrates secure spaces and bypasses sophisticated defences.
 
In this exciting follow-up conversation, they look into covert physical penetration testing covering OSINT, badge cloning, entry tactics, and the real impact of physical breaches on cybersecurity.
 
Watch the full episode here: vpetersson.com/podcast/S02E05.
 
Topics covered include technical tools and techniques used in physical penetration testing:

• Badge cloning technologies and vulnerabilities in common access control systems
• Lock picking tools and techniques, including the use of specialized tools for different scenarios
• Under-the-door tools and methods for bypassing door sensors
• The effectiveness of tailgating as an entry method
• The vulnerabilities of magnetic locks and how they can be compromised

Warren shares fascinating experiences from his career, including breaking into:

• A bank in Amsterdam where he successfully accessed the stock trading floor
• An arena with inadequate security measures
• Corporate buildings with sophisticated access control systems

#CyberSecurity #PhysicalSecurity #PenetrationTesting #SocialEngineering #SecurityAwareness #AccessControl #EthicalHacking

Pen Test Partners PTP@infosec.exchange
2025-03-12

Although frequently misunderstood, the HTTP Cache-Control header is crucial because it specifies caching mechanisms within requests and responses. In its typical format, it reveals details as to how resources are stored, the location of the resource and the maximum age before expiring…

In our latest blog post, Kieran Larking highlights that the No-cache directive does not prevent caching and looks at typical caching behaviour directives and how to correctly use these directives to balance performance and security: pentestpartners.com/security-b

#Caching #CacheControl #WebPerformance #WebSecurity #HTTPHeaders #Cybersecurity #DeveloperGuide #HTTP

Pen Test Partners PTP@infosec.exchange
2025-03-04

Did you know your DNS security could accidentally leak your entire subdomain structure? Enter DNSSEC with NSEC/NSEC3 records, which is great for ensuring integrity and authentication but can also be a sneaky way for attackers to ‘zone walk’ and enumerate your domains...

Darrell Hall breaks it down in our latest blog post: pentestpartners.com/security-b

What's covered:
• How NSEC/NSEC3 can inadvertently expose DNS data
• The difference between zone transfers and zone walking
• How to crack NSEC3 records (and why you should care)
• Real-world examples and mitigation strategies

#DNSSEC #CyberSecurity #Infosec #DNS #NSEC #NSEC3 #ZoneWalking #ThreatIntel

Pen Test Partners PTP@infosec.exchange
2025-02-26

After scouring the internet, we realised that information on Rockchip MCUs is either scarce or hidden behind NDAs. So in our latest blog, David Lodge looks at the Rockchip boot process. He covers the boot order and how to force the MCU into low-level modes for direct USB access.
 
He also dives into essential tools like xrock and rkflashtool that let you read and write the MCU’s RAM and flash memory.

Read here: pentestpartners.com/security-b

#rockchip #bootloader #mcu #firmware #embeddedsystems #reverseengineering #hardwarehacking

Pen Test Partners PTP@infosec.exchange
2025-02-25

We are back! On June 3rd and 4th, the entire ground floor of The Fox Pub will be transformed into a dynamic cyber festival delivering an extraordinary cybersecurity experience that you won’t want to miss...

Now with even more quick-fire cyber soapbox talks and immersive experiences across eight speciality villages, each delving into cyber threats and trends, offering something for everyone across two action-packed days.

Mark your calendar for our PTP Cyber Fest 2025. Don’t miss out on this incredible opportunity to connect, learn, and celebrate with the best in the industry. Secure your spot today!

Register here: events.rantcommunity.com/PTPCy

Why attend PTP Cyber Fest 2025?

Join us to network with top cybersecurity professionals in a laid-back, engaging atmosphere, where you can listen to (and debate with) leading practitioners on the main stage, all while enjoying some food and drink as you explore the event.

Take part in hands-on activities in each of our unique villages, covering Automotive, Aerospace, Maritime, Finance, Rail, ICS/OT, Healthcare, and Lock Picking.

Plus, visit our DFIR and consultancy booths to engage with our experts.

#ptpcyberfest2025 #cybersecurityevent #infosec #cyberthreats #handsonlearning #professionalnetworking #cyberinnovation

Pen Test Partners PTP@infosec.exchange
2025-02-21

In aviation, cybersecurity is not optional—it is absolutely necessary. The industry recognises that ensuring product safety requires a consistent, standardised approach...

In our latest blog, @alexlomas explains the process of conducting avionics penetration tests, looking at each stage in line with ED-203A: 👉 pentestpartners.com/security-b

#AviationSecurity #CyberThreats #AvionicsTesting #PenTest #CyberResilience #FlightSafety #TechInnovation #AerospaceIndustry
