We’ve been getting busy on Twilio recently working on our SE Honeypot project. It’s a wonderful platform, everything is placed where it feels it should be, some complex IVR tasks can be made in a drag and drop fashion – …
How We Could Chat On Your WeChat
For those of you wanting a technical debrief of what happened, this blog might not be for you. I actually want to focus on something completely different. Please take the TL;DR and be on your merry way. This is a …
Disregard For Data
We used to report data concerns to companies in the most archaic manner. We became efficient and employed tools such as Spiderfoot HX to help us scale up this discovery process. We then tried to streamline reporting and even made …
Twitter is Broken
Twitter by SMS: So let’s get the boring stuff out the way! If you have a phone number connected to your Twitter account you can SMS Twitter and do social media stuff via SMS message. An SMS of ‘RT @Twitter’ …
Argos Doesn’t Take Care of IT
So recently I needed a computer monitor in a hurry, I was in the north and I wanted a monitor to be collected by a colleague in the south. My mind pondered several next day options but then it hit …
Trivial Mistakes On Trello
Open Source Intelligence (OSINT) is the practice of using publicly available data about a target company or person. In our field of work it’s critical because it gives you all the juicy details you can later turn into a pretext. …
Sim Swap Fraud – A Victim’s Perspective
For many victims of SIM Swap Fraud, the first time they learn about the attack is in the hours after their life has been changed forever. It’s an all too common story, the signal bars disappear from your mobile phone, …
Advanced Phishing Techniques and TalkTalk
We have already had our dealings with TalkTalk as covered in our earlier blogs here and here. We felt the need to disclose their 2015 Data breach previously, but it does disappoint us to need to write again. This isn’t a …
Did the AA have a minor breakdown?
There have been rumours of a potential data breach over at The AA UK. Through a series of statements and replies observed on social media, it was quite worrying to build a jigsaw picture that displayed such issues. As …
Phishing Robots
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links …
Naughty Name Servers
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similarly, when we try to discover all we can about an organisation in the recon stages of any assessment, it’s also …
How to Handle A Data Breach
To a modern business, a data breach can have devastating effects. We have seen TalkTalk hastily bungle, Sage coyly dawdle and much more generally mess it up, it’s got to change. We don’t spend all day hunting these elusive beasts either, but we have had …
Sage UK Payroll Data Breach
Personal details and bank account information for employees of as many as 300 large UK companies may have been compromised as part of a data breach at Sage, a UK accountancy software group. August 11th, 2016 Sage UK Payroll services started …
Everybody on the floor, this is a data breach
August 2nd, 2016 I find myself in a high street bank. I’d just done a 3km run, which is like a marathon to a big bloke. I enter the doors and find a queue akin to the bread lines of …
Policing Insider Threats
The term insider threat is brandished around quite a lot these days, companies often talk about the weakest link in security being people. I guess they are almost right in what they say, but I can still dream about the …
Sim Swap Fraud – Porting your digital life in minutes.
In this post, I wish to cover ‘Sim Swap Fraud’ and some of the ways we can prevent it. I’m not a natural writer, I only do these blogs in hope people will listen up and improve security. So feel free to …
Social Engineering & TalkTalk
This month I have been looking at the way in which a small minority of TalkTalk customers are suffering from the rise in social engineering attacks. It seems post CPW/TalkTalk breach real evidence of further frauds is apparent. Victims can …