When we carry out penetration tests on businesses, possibly the most crucial part is choosing the disguise and persona. There’s a lot more to it than sticking on a hat and glasses and remembering a script. After all, a lift …
The Power of the Flower
When you work in an office, there’s nothing better than when someone brings in their new baby or puppy for a meet and greet. Everyone immediately stops work and is temporarily wrapped up in a bubble of excitement. If an …
Explaining Physical Social Engineering
The world of Red-teams and Social Engineering can be quite insular. As someone who founded The AntiSocial Engineer, I know that was almost part of the design and philosophy at the time. We weren’t interested in doing things like other …
The Making of a Drop Box
A drop box is a small computer designed to be connected to a corporate network, once connected it should enable attackers remote access to the network through a variety of methods. We have seen similar devices used in the wild …
Malicious Packets
Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, Finance, …
Lawyers Must Recognise the Value of their Data
Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, it’s easy to forget about the true value of things around us – especially their inherent value to other walks …
TalkTalk, one year later.
For nearly a year we have had a tale we’ve told to friends and business associates. The tale involves TalkTalk and how one day we found the data breach, alerted them and sparked the controversy that we all know to this …
Rubbish Security
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex …
Why Social Engineering assessments should matter to you…
Social Engineering has taken precedent in 2014, with some of the biggest data breaches ever recorded. 2015 is set to be another year filled with yet more attempts, yet more phishing emails hitting your business and having an adverse effect. …