Pen Test Partners | Penetration Testing & Cyber Security
Pen Test Partners is a partnership of high-end penetration testers, cherry picked for their wealth of knowledge.
1w ago
TL;DR
LUCKY13 is more an attack than a vulnerability
LUCKY13 was patched over a decade ago … so it’s really unlikely that your server is vulnerable now
It’s an implementation issue
Disabling CBC ciphers is still a good idea … but not because of susceptibility to LUCKY13
There is no material risk in this issue
Accurate remote detection is rarely possible
Introduction
It’s been a while since I wrote a “Vulnerabilities that (mostly) aren’t” post, but a recent discussion in our pen testing teams brought about a change in how we’re reporting LUCKY13 (and potentially other TLS vulnerabilities), l …
1w ago
TL;DR
Even though MFA is effective it is one security control amongst many
Even if MFA is in use, check its configuration
Consider unexpected patterns of use, such as people logging in from Linux or macOS
Make sure you log and can react to out-of-band behaviour
Introduction
On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network. But we had not yet gained access to their cloud estate, which was hosted in Azure. Our level of access to on-prem AD gave us access to a large number of resources, many containing sensitive data. But it did no …
2M ago
TL;DR
Being asked to speak at events is great
…except when it looks like a scam or a phishing attempt
This is a walkthrough of my experience
If you think it’s a scam, it probably is
It’s a typical Sunday evening, and as I’m gearing up for the week ahead, an interesting email lands in my inbox. The message? An invitation to speak at a prestigious event in Spain on a subject I hold dear, with the added bonus of covered expenses. Colour me thrilled. ¡España, aquí vengo!
“Your insights and experiences would greatly enrich our conference agenda and contribute to the learning and engagement of ou …
2M ago
TL;DR
Attackers can use Microsoft native SSH client to forward out internal network traffic
Windows native SSH is common
The attack only needs minimal set-up and commands
Quicker and more cost effective for an attacker than using C2 infrastructure
Reduces likelihood of Blue team detection
Introduction
Lately I was involved in an assumed compromise project where stealth and simplicity were required, reducing the opportunity to use a sophisticated C2 infrastructure. We did note that the built-in Windows SSH client could make this simpler for us.
A simple SSH Split Tunnelling attack is not a ne …
2M ago
TL;DR
PSTI: The UK Product Security and Telecommunications Infrastructure (Product Security) Act
Regulations effective from 29 April 2024
Assess how, where, why, and when you may be affected
Review supply chain and in-house teams for compliance readiness
Specific obligations for manufacturers, importers, and distributors
Use the PSTI Act and its regulations as your compliance blueprint
Implement robust due diligence in system acquisitions
Prepare for potential cybersecurity incidents with rigorous testing and validation
Don’t overlook the importance of comprehensive training
Regulatory evol …
2M ago
American consumers have two clear yet vastly differing choices when it comes to banking. Many opt for a large-sized national or regional bank. Folks select this option for a variety of reasons, typically due to the vast services and ease of use these powerhouses provide. Roughly 60% of Americans count themselves as customers of these large-scale institutions.
Others choose to conduct their banking business differently – and more locally – via credit unions. According to the NCUA (National Credit Union Administration), there are over 4,500 credit unions with over 136 million members nationally …
3M ago
October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks.
What’s the attack?
To understand the attack you need to understand the challenge that the attacker faces. Currently, most initial access attempts are carried out with social engineering, commonly phishing. Why is that?
Well, it looks like people have finally got good at patching. According to the 2022 Verizon data breach incident report only 5% of data breaches investigated by them …
3M ago
Introduction
Android has a number of different types of components that a program or app can instantiate to interact with the user or other programs. Recently I’ve been looking at exported as an interesting way to manipulate information that other apps have stored.
A content provider is what it sounds like – it creates a standard mechanism for allowing access to centralised data. An example may be a fitness tracker that allows a central database of activity, which could be queried by other apps to pull out data.
It is accessed in a similar way to how you would access a database. A ContentResolve …
3M ago
TL;DR
Livall smart ski and bike helmet app leaks the wearer’s real-time position
Group audio chat allows snooping on conversations
Both issues are due to missing authorisation
Bike app affects ~1 million users, ski app affects a few thousand users
Fixed by the vendor, but after we had to call on a trusted journalist to escalate at Livall
Backstory
Some of us at PTP are keen skiers, and all of us are into IoT and connected devices. This means that smart ski tech is right up our straße!
Connected / smart products are continually emerging in the ski sector. We’ve looked at some in the past, inc …
3M ago
We’ve been testing the security of a number of different electronic flight bag, or EFB, applications for a few years now. Here’s the latest on that now it has been remediated, 19 months after our initial disclosure to Airbus.
TL;DR
Flysmart+ is a suite of apps for pilot EFBs, helping deliver efficient and safe departure and arrival of flights
One of the iOS apps had ATS (App Transport Security) intentionally disabled, together with any form of certificate validation, exposing the app to interception attacks over Wi-Fi
This could enable tampering with, for example, the engine performance calcu …