The Blog
Our place for thought sharing, question answering and news announcing.
Pen Test Cost vs the Cost of NOT Pen Testing
Based on our company's experience over the past two decades, we can confirm that the cost of pen testing is always less than the cost of NOT doing pen testing. Let's try to elaborate on this.
See more
You’re a DORA Critical Third-Party Provider, Now What?
If you have already been designated as a CTPP or expect to be, here’s what you need to do/know as a critical third-party provider under DORA.
See more
A CISO’s Guide to Purple Teaming
Our take on why a CISO might want to do Purple Teaming as one of their first actions on the job, and how Purple Teaming compares to Red Teaming.
See more
Read This Before Web Application Pen Testing
We’ve tested thousands of web applications over almost two decades… and we can confirm that a large percentage of web application exploitation vectors can only be discovered through penetration testing.
See more
Playing On Hard Mode: Why We Built Our Own C2
We don’t think the standard approach of modifying commercial C2s to evade detection will be sustainable for much longer. Artefacts of the original software will always create signatures, and as heuristics improve, those signatures will trigger detections. That's why we developed our own C2.
See more
How to Waste a Red Team Engagement: 5 Pitfalls to Avoid
There are plenty of good tips on what to do to make a red team engagement a success. However, to ensure a successful red team engagement, you also need to know how to avoid common pitfalls.
See more