top of page
All Posts
Aug 18, 20236 min read
DEFCON 31 Vishing Competition: Lessons from a judge
Read key lessons from the DEF CON 31 vishing competition for a different view on social engineering.
Dec 22, 20224 min read
10 million most popular websites
Our list of the top 10 million websites available for you to freely download
Nov 15, 20223 min read
Ruby off the Rails (CVE-2022-3704)
Understanding Ruby on Rails vulnerability CVE-2022-3704 and what it means for future-proofing code
Jul 20, 20227 min read
Lessons from Pentesting Smart Buildings
How to hack (& protect) smart devices. We share common findings from our smart building pentests.
Jul 6, 20221 min read
UK councils at risk of cyber attack: our ITV News interviews
We recently featured on ITV News explaining the Hackney Council cyber attack and the threat facing UK councils. Catch up on the videos.
Jun 29, 20225 min read
How safe are safe deposit boxes?
From Ocean's Eleven to The Da Vinci Code, heists of safe deposit boxes are often in the media. We take a deep dive into their security.
Mar 31, 20227 min read
Three things that every developer should know about cyber security
What every ethical hacker wishes developers knew about cyber security.
Feb 14, 20225 min read
You're the Salt to my Hash
Why hashing and salting are key ingredients for storing passwords securely.
Feb 8, 20225 min read
Divide and Contain
How do you protect your home network from cyber attacks against your employer? Read our overview of VLANs.
Jan 26, 20224 min read
Notes from a Pentester: How we found 2 new BuddyBoss vulnerabilities
How we discovered two Wordpress plugin vulnerabilities: CVE-2021-43334 and CVE-2021-44692.
Jan 10, 20223 min read
Notes from a Pentester: CVE-2021-43333 (DataLogic Devices)
During a recent pentest for a client we discovered a number of devices on their network that looked interesting, after 25 years of...
Dec 16, 20213 min read
How to Build Your Own Log4Shell Demo (CVE-2021-4428)
A step-by-step guide to building your own Log4Shell demo, with video overview.
Dec 13, 20216 min read
Explaining Log4Shell in Simple Terms
Vulnerabilities are discovered everyday. While some can be serious, most are not so scary that they get everyone in a (justifiable)...
Jul 23, 20213 min read
Digital Trust versus Zero Trust?
If people feel that there is "zero trust" of them, why should they trust you back?
May 17, 20212 min read
CVE-2021-29203 (HP Edgeline Manager) - Explained
FC takes a look at a proof of concept for CVE-2021-29203 (HP Edgeline Manager).
Dec 11, 20202 min read
Security for gamers: top tips
Gaming consoles and video games are always a popular gift over the festive period and this Christmas will be no different. The Covid-19...
Oct 14, 20202 min read
Internet of Things Device Security
Here it is folks! Week 3 of Cyber Security Awarness Month 2020, Do Your Part. #BeCyberSmart. In our third guidance document of Cyber...
Oct 5, 20204 min read
QR Codes: Top tips for using them securely
Blog post by Dave Mound What is a QR code? With the introduction of the Covid-19 contact tracing app in England and Wales, we're all...
Aug 12, 20202 min read
What is APT28's Drovorub Malware?
The NSA and FBI have today released an advisory (pdf) about the previously undisclosed malware called Drovorub, that has been attributed...
Aug 2, 20205 min read
A Case Study in Technical Debt: why DynamoDB might not be for you
In this industry it can feel challenging to tell others you've made mistakes, but we believe that it's important to show not just the...
bottom of page