TL;DR Introduction   When it comes to being security aware, there are seemingly endless things you need to consider. Here are ...

TL;DR Introduction If you are a computer nerd, it’s statistically likely you’ll be self-hosting multiple kinds of web ...

Tl;DR Introduction In my previous job as the SOC manager for a public sector organisation, I would often see attempts from ...

TL;DR Introduction When responding to an incident, logs provide a vital record of events within a system and serve as a critical source of evidence during an incident investigation. They help identify ...

In the field of maritime cyber, we often cite the movie Speed 2: Cruise Control from 1997 as an interesting prediction of the future. It illustrates the reality of today quite well, despite being ...

Discord has become an attractive tool for attackers not because it’s malicious, but because it’s legitimate and trusted. It often flies under the radar of security controls and offers features that ...

If you haven’t read the previous posts, I would recommend them as a primer to the devices, BLE and what we’re doing. In part one, we made a low-cost key finder beep by capturing and replaying BLE ...

In part one we started hacking Bluetooth and made a little £2 key-finder beep using only Android and Linux. If you haven’t read that post, I would recommend it as a primer to the devices, BLE and what ...

On a Red Team engagement we entered a busy multicloud estate. AWS, GCP and Azure were all used, with Terraform Cloud orchestrating every change. That brings speed and consistency, but it also ...

Windows thumbnail cache, or thumbcache, is a well-known forensic artifact, but often one that is overlooked. The thumbcache stores small previews of images, videos and documents and can persist even ...

Shellbags are a valuable forensic artifact, providing analysts with information about user interactions with folders in Windows. These registry keys record metadata such as folder paths, view settings ...

We investigated a ransomware incident on a Windows Server 2012 host running in an SFTP-only role. The attacker delivered an attack that combined remote code execution, persistence, tunnelling, and a ...