Articles

Discover our latest articles

The articles below are a collection of our latest research, guidance, blog posts and miscellaneous other content.

Bypassing AWS Trust Relationships with Session Token Stealing

When setting up an AWS environment, it’s often desirable to prevent administrative access from untrusted locations. This is important not just to prevent external attackers from gaining access to the environment, but also to provide control over the data within it, and to prevent legitimate users from accessing the environment from personal or unauthorised systems. One of the common ways that this is done is by configuring Trust Relationships (also known as Trust Policies).

Reversing Custom Cryptography - A Practical Example

As pentesters, we often come across applications that implement custom cryptography to protect sensitive information such as passwords or API keys. Proper cryptanalysis of these encryption schemes is usually outside of the scope of the engagement (if only due to the lack of time) - but it’s often useful to be able to quickly reverse this encryption from a white-box perspective, so that the encrypted secrets can be leveraged elsewhere in the environment.

The Importance of Testing Multi-Factor Authentication

Multi-Factor Authentication (MFA) is widely accepted as one of the key security controls that should be implemented to protect user and administrative accounts, especially for externally facing systems. However, it’s not enough just to check whether MFA is present: the security of the implementation also needs to be thoroughly tested to ensure that it is robust and effective.

FreeIPA and Red Hat IdM Password Auditing

While password auditing for Active Directory accounts is a well-established process (and discussed in a previous article), password auditing methods for FreeIPA or Red Hat Identity Management are less well known, and as such may be overlooked or forgotten.

Active Directory Password Auditing

Weak passwords are one of the most common ways that attackers are able to compromise an environment. If you’re using a traditional on-premise Active Directory, then carrying out your own password auditing is a very effective way to identify weak passwords in your network, and to measure the effectiveness of policy changes and training programs.

Effective Cloud Application Testing

The traditional approach to carrying out web application testing has been to just test the application itself, and optionally to carry out external network testing against the server that it is running on. Although this approach can provide a degree of assurance, it misses many of the key areas that need to be considered for modern cloud-based applications.

Azure AD Password Auditing

Password auditing of Active Directory is a common and well-understood practice, and a key security process that many organisations implement. However, with the shift to Azure, the existing methods can’t be used.

Whitebox Testing Is More Effective

If you are a security, infrastructure, or project manager, then using a whitebox testing methodology can give you greater assurance and better test coverage for the time allocated. This article sets out to explain why.
