Pen Test Partners

The logs you’ll wish you had configured if (when) you are breached…

TL;DR  Introduction When responding to an incident, logs provide a vital record of events within a system and serve as a critical source of evidence during an incident investigation. They help ...
Pen Test Partners

Compiling static Nmap binary for jobs in restricted environments

TL;DR The problem Have you ever found yourself in a client’s hardened, containerised environment where you needed to scan ...
Pen Test Partners

What Speed 2 gets right and wrong about ship hacking

TL;DR Introduction In the field of maritime cyber, we often cite the movie Speed 2: Cruise Control from 1997 as an ...
pentestpartners.com

Channel Islands Cyber Security Conference 2025

Ross Donald will be presenting: Flirting with AI: Pwning web sites through their AI chatbot agents and politely breaking guard rails Everyone is implementing AI chatbots to improve their customer ...
pentestpartners.com

Exploiting Copilot AI for SharePoint

SharePoint is a Microsoft platform that enables collaborative working and information sharing. This done with team sites. They work like regular intranet pages with graphics and text, but they also ...
pentestpartners.com

IoT Secure Development Guide

Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value. A threat model is a structured representation of all the ...
pentestpartners.com

Three Word Passwords

The National Cyber Security Centre (NCSC) have advocated the use of three random words for several years to create strong passwords, and that advice has been repeated recently by the National Crime ...
pentestpartners.com

Fully segregated networks? Your dual-homed devices might disagree

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...
pentestpartners.com

You can’t build a great IoT system without a strong foundation

Building a secure IoT system requires secure IoT devices, and building a secure IoT device requires a strong foundation. The hardware in the device must support and ...
pentestpartners.com

Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more…

As Red Teamers, we often find information in SharePoint that can be useful for us in later attacks. As part of this we regularly want to download copies of the file, or parts of their contents. In ...
pentestpartners.com

Terraform Cloud token abuse turns speculative plan into remote code execution

On a Red Team engagement we entered a busy multicloud estate. AWS, GCP and Azure were all used, with Terraform Cloud orchestrating every change. That brings speed and consistency, but it also ...
pentestpartners.com

UK PSTI? You’ll need a Vulnerability Disclosure Program!

If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. The manufacturer must provide ...