Category: Penetration Test

Red vs Blue – A write-up of our SkillSec workshop

I often feel that blue teaming doesn’t always get the love it deserves, so we decided that this months SkillSec would be about Red vs Blue. For those that may not be familiar with these terms, Red is the “offensive” side of security (think “attack simulation”) and blue is about defending i.e. detecting and stopping the attackers. As is often said, blue can be more challenging as you have to defend every weakness whereas with Red, you only have to find one weakness. Both are important to consider. Whilst Digital […]

Securing the Mainframe

Security consultants tend to specialise fairly early in their careers, and one of the areas I chose to specialise in, and something that Digital Interruption offers our clients, is mainframe security assessments. For many of us, unless you’re over a certain age, or have a strange fixation on weird machines, you’ll likely have never interacted with a mainframe before. There are a few popular (and contradictory) myths in the infosec community about mainframes: They’re legacy They’re the same as supercomputers Nothing a cluster of cloud computers can’t beat Nobody uses […]

Post Exploitation on Linux – Release the Orc

This blog is an extension of my Arcane Arts of Linux talk at Steelcon 2018, as well as a quick discussion about a post exploitation tool I’ve been writing and playing with for the last few months, called Orc. Part of the inspiration for this post is that over recent years, there’s been a lot of conversation about red-team techniques for Windows, significant tool development and tool evolution, and generally quite a lot of progress. Linux, on the other hand, doesn’t receive nearly as much attention. There are a lot […]

So you need a penetration test?

You’ve seen these data breaches in the news and you’re worried it could be you next. With all the talk of GDPR you’re worried a fine could put you out of business. Time to bring in an ethical hacker so they can perform a security or penetration test. These are some of the feelings we heard from some of our SME clients. When they started, security was always something they would think about later and, well, now it’s later. They may have had clients insisting on seeing a penetration test […]