Pen Test Partners

AI noise and the effect it’s having on vulnerability disclosure programs

Managing vulnerability reports is difficult for an organisation.  In an ideal world, something like this happens: Everyone is ...
Pen Test Partners

2025, the year of the Infostealer

TL;DR Introduction Infostealers are not new malware. They have been around for decades. What has changed is how effective ...
pentestpartners.com

ISC2 East of England Chapter

Ross Donald will be presenting at the Secure AI: Building Cyber AI Confidence event on ‘Flirting with AI: Pwning Websites Through Their AI Chatbot Agents and Politely Breaking Guardrails’. Everyone is ...
pentestpartners.com

Common Kubernetes misconfigurations and how to avoid them

Kubernetes has changed the way we deploy and scale workloads. It’s powerful, flexible, and very good at hiding a lot of complexity. It is also very good at hiding security problems until someone ...
pentestpartners.com

Exploiting AgTech connectivity to corner the grain market

I live in the countryside & as a result, know quite a few farmers. The subject of connected farming systems comes up quite a lot in the local pub. Those of you who have watched Clarkson’s Farm will ...
pentestpartners.com

Finding your path into DFIR

Digital Forensics and Incident Response (DFIR) has a certain appeal to aspiring cybersecurity professionals. The mix of ‘CSI-style’ forensic investigations with the chaos and pressure of incident ...
pentestpartners.com

Start hacking Bluetooth Low Energy today! (part 2)

In part one we started hacking Bluetooth and made a little £2 key-finder beep using only Android and Linux. If you haven’t read that post, I would recommend it as a primer to the devices, BLE and what ...
pentestpartners.com

Terraform Cloud token abuse turns speculative plan into remote code execution

On a Red Team engagement we entered a busy multicloud estate. AWS, GCP and Azure were all used, with Terraform Cloud orchestrating every change. That brings speed and consistency, but it also ...
pentestpartners.com

Thumbnail forensics. DFIR techniques for analysing Windows Thumbcache

Windows thumbnail cache, or thumbcache, is a well-known forensic artifact, but often one that is overlooked. The thumbcache stores small previews of images, videos and documents and can persist even ...
pentestpartners.com

How we turned a real car into a Mario Kart controller by intercepting CAN data

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...
pentestpartners.com

Fully segregated networks? Your dual-homed devices might disagree

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...