We’ve been getting busy on Twilio recently working on our SE Honeypot project. It’s a wonderful platform, everything is placed where it feels it should be, some complex IVR tasks can be made in a drag and drop fashion – …
Why is Mark Working at Midnight?
It can be easy to think that phishing attempts are nothing to worry about. After all, you’re never going to click on that email saying you’ve missed your Netflix payment when you cancelled your account back in 2018. But the …
The Power of the Flower
When you work in an office, there’s nothing better than when someone brings in their new baby or puppy for a meet and greet. Everyone immediately stops work and is temporarily wrapped up in a bubble of excitement. If an …
Explaining Physical Social Engineering
The world of Red-teams and Social Engineering can be quite insular. As someone who founded The AntiSocial Engineer, I know that was almost part of the design and philosophy at the time. We weren’t interested in doing things like other …
Doorstep Data Collection
Shampoo, bubble bath and room sprays, Avon has everything you need to unwind in aromatherapy euphoria. But would you feel so relaxed knowing that your data might be vulnerable to criminals? For those who don’t know, Avon is a company …
The Making of a Drop Box
A drop box is a small computer designed to be connected to a corporate network; once connected, it should give attackers remote access to the network through a variety of methods. We have seen similar devices used in the wild …
Malicious Packets
Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of an impromptu network penetration test and wireless testing. Company Arena: Global Offices, Finance, …
UK Parliament Cyber Attack
At the end of last week, news organisations started reporting a ‘sustained and determined attack’ against the mailboxes of the 650 members of parliament and staff. In the initial release of information it is quite clear the login portal was …
The ‘can you hear me’ scam
Last week you might have heard in the press about a phone scam that is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. …
How to nearly buy Google.com for £8
As an English speaker, I mainly stick to Latin characters and some symbols that cover my day to day needs. I demand payment in £, I add a few &@! to my passwords and I am known to include the …
iMessage Preview Problems
In recent Apple iMessage updates, the way links are handled within an SMS message has changed significantly and this adaptation poses quite a concern for us. In early 2016 we were the first company in the UK to offer SMShing services, …
Abusing automated call handlers
I grew up in Yorkshire and of all the likeable local traits there are, there is one I despise. The gruff, bastardised local accent. Londoners mistakenly view you as a farmer and there is no risk of hearing the tones …
Rubbish Security
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex …
Social Engineering & TalkTalk
This month I have been looking at the way in which a small minority of TalkTalk customers are suffering from the rise in social engineering attacks. It seems post CPW/TalkTalk breach real evidence of further frauds is apparent. Victims can …
Why Social Engineering assessments should matter to you…
Social Engineering has taken precedence in 2014, with some of the biggest data breaches ever recorded. 2015 is set to be another year filled with yet more attempts, yet more phishing emails hitting your business and having an adverse effect. …