The Blog
Our place for thought sharing, question answering and news announcing.
Read This Before Web Application Pen Testing
We’ve tested thousands of web applications over almost two decades… and we can confirm that a large percentage of web application exploitation vectors can only be discovered through penetration testing.
See more
Playing On Hard Mode: Why We Built Our Own C2
We don’t think the standard approach of modifying commercial C2s to evade detection will be sustainable for much longer. Artefacts of the original software will always create signatures, and as heuristics improve, those signatures will trigger detections. That's why we developed our own C2.
See more
How to Waste a Red Team Engagement: 5 Pitfalls to Avoid
There are plenty of good tips on what to do to make a red team engagement a success. However, to ensure a successful red team engagement, you also need to know how to avoid common pitfalls.
See more
DORA Reporting Requirements: An Exhaustive List
If your organisation is subject to DORA and you’re wondering how to navigate the regulation’s stringent reporting requirements, you’re in the right place.
See more
Why Our Team Loves Cybersecurity CTF Competitions
Are Capture the Flag cybersecurity (CTF) competitions just a game? Or do they make someone better at offensive security?
See more
Cybersecurity Consulting - The Secret Weapon for a Great Pen Test?
An overview on why our team recommends adding a consulting phase right before testing a critical application within your organisation.
See more