Securing the Mainframe

Security consultants tend to specialise fairly early in their careers, and one of the areas I chose to specialise in, and something that Digital Interruption offers our clients, is mainframe security assessments. For many of us, unless you’re over a certain age, or have a strange fixation on weird machines, you’ll likely have never interacted with a mainframe before. There are a few popular (and contradictory) myths in the infosec community about mainframes: They’re legacy They’re the same as supercomputers Nothing a cluster of cloud computers can’t beat Nobody uses […]

Post Exploitation on Linux – Release the Orc

This blog is an extension of my Arcane Arts of Linux talk at Steelcon 2018, as well as a quick discussion about a post exploitation tool I’ve been writing and playing with for the last few months, called Orc. Part of the inspiration for this post is that over recent years, there’s been a lot of conversation about red-team techniques for Windows, significant tool development and tool evolution, and generally quite a lot of progress. Linux, on the other hand, doesn’t receive nearly as much attention. There are a lot […]

So you need a penetration test?

You’ve seen these data breaches in the news and you’re worried it could be you next. With all the talk of GDPR you’re worried a fine could put you out of business. Time to bring in an ethical hacker so they can perform a security or penetration test. These are some of the feelings we heard from some of our SME clients. When they started, security was always something they would think about later and, well, now it’s later. They may have had clients insisting on seeing a penetration test […]