Pen Test Partners

AI can help in DFIR, but it cannot replace investigator judgement

TL;DR  Introduction   In my previous blog post, I wrote about finding your path into DFIR; how to get started, where to focus ...
pentestpartners.com

CHECK Penetration Testing

Pen Test Partners is an NCSC-assured CHECK-accredited company, authorised to deliver penetration testing for public sector and CNI systems. CHECK exists because some environments need more than a ...
pentestpartners.com

How we turned a real car into a Mario Kart controller by intercepting CAN data

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...
pentestpartners.com

Pwning CCTV cameras

CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, ...
pentestpartners.com

UK PSTI? You’ll need a Vulnerability Disclosure Program!

If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act.
pentestpartners.com

Living off the land, GPO style

The ability to edit Group Policy Object (GPOs) from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what ...
pentestpartners.com

What Speed 2 gets right and wrong about ship hacking

In the field of maritime cyber, we often cite the movie Speed 2: Cruise Control from 1997 as an interesting prediction of the future. It illustrates the reality of today quite well, despite being ...
pentestpartners.com

OAuth consent phishing, in the wild

An interesting incident response investigation showed exploitation of a recent OAuth related consent-phishing issue. We had been asked to investigate as the organisation had noticed some odd ...
pentestpartners.com

The unexpected effects of GPS spoofing on aviation safety

GPS is one service in the Global Navigation Satellite System (GNSS). Others include Russia’s GLONASS and the EU’s Galileo constellations. These are all used to provide Position, Navigation, and Timing ...
pentestpartners.com

Hacking Swann & FLIR/Lorex home security camera video

A few weeks back we read a story on the BBC web site about a BBC employee seeing someone else’s video footage on the mobile app for their home security camera. It wasn’t clear how this happened, but ...
pentestpartners.com

Call centres. Outbound call verification

One way to deal with this is to call the company back on a validated number, a number not provided by the caller. The challenge here is that it’s often difficult to get back to the original person, or ...