Pwning web sites through their AI chatbot agents and politely breaking guard rails ...

TL;DR  Introduction   There is a widely held belief that penetration testing Operational Technology networks is impossible.

TL;DR:  What DORA is, who it affects, and what “good” looks like  If you run a financial services business in the EU, or you provide tech to one, DORA (the Digital Operational Resilience Act) is now ...

Identity and Access Management, or IAM, is one of the most important security controls in any cloud environment. If it is weak, attackers can often work around the protections that sit on top of it.

I stumbled into infosec the same year the NSA graced us with Ghidra. It’s by far become the most used tool in my arsenal for reverse engineering and vulnerability research. It’s free, extensible, and ...

Product security has matured significantly over the last decade. Secure defaults, defined ownership of security risk, reliable update mechanisms, and structured vulnerability handling are now ...

Kubernetes has changed the way we deploy and scale workloads. It’s powerful, flexible, and very good at hiding a lot of complexity. It is also very good at hiding security problems until someone ...

On a Red Team engagement we entered a busy multicloud estate. AWS, GCP and Azure were all used, with Terraform Cloud orchestrating every change. That brings speed and consistency, but it also ...

Windows thumbnail cache, or thumbcache, is a well-known forensic artifact, but often one that is overlooked. The thumbcache stores small previews of images, videos and documents and can persist even ...

AI is proving to be a useful companion for analysing data at scale for forensic examiners (data that is already publicly available if not privately hosted). This involves building an AI chatbot system ...

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...