Securing the Mainframe

Security consultants tend to specialise fairly early in their careers, and one of the areas I chose to specialise in, and something that Digital Interruption offers our clients, is mainframe security assessments. For many of us, unless you’re over a certain age, or have a strange fixation on weird machines, you’ll likely have never interacted with a mainframe before. There are a few popular (and contradictory) myths in the infosec community about mainframes: They’re legacy; They’re the same as supercomputers; Nothing a cluster of cloud computers can’t beat; Nobody uses […]

TEMPEST in Action

Digital Interruption is lucky enough to have a penetration testing team which consists of experienced hackers and penetration testers. This means we often have the pleasure of experimenting with attacks and demonstrating weaknesses that might otherwise only be seen as theoretical attacks. One great example of this is TEMPEST – also known as Van Eck Phreaking. In this blog post, we’ll see TEMPEST in action and try and help you understand whether this is an attack you should worry about. What is TEMPEST? First, some background. TEMPEST is an attack […]

Post Exploitation on Linux – Release the Orc

This blog is an extension of my Arcane Arts of Linux talk at Steelcon 2018, as well as a quick discussion about a post exploitation tool I’ve been writing and playing with for the last few months, called Orc. Part of the inspiration for this post is that over recent years, there’s been a lot of conversation about red-team techniques for Windows, significant tool development and tool evolution, and generally quite a lot of progress. Linux, on the other hand, doesn’t receive nearly as much attention. There are a lot […]

Skimmers and Magecart Attacks

Magecart attacks have taken up a considerable portion of the news cycle over the past year, with card data harvested from notable enterprises like British Airways, Newegg and Ticketmaster. While the mainstream news has moved on and become silent due to current targets not being quite as significant as BA, the attackers are still operating. In this blog post, we want to talk about a couple of mechanisms you should be using to reduce your attack surface and keep your customers safe. A little background is always good: […]

Introducing Ali

I’m excited to join the growing Digital Interruption team as Head of Defensive Security! Part of what drew me to DI is the promise of doing security differently – from the transparent, clear pricing model to the focus on continuous security, baking it into the SDLC, supported by policy guidance. My background is very much the attacking side of security – I’ve spoken at multiple conferences about tool development and finding vulnerabilities in obscure systems. When it comes to a legacy mainframe, an unusual embedded device, or really anything that […]

Mental Health in Tech – be part of the solution, not part of the problem

By Saskia. This week I gave the introductory talk at the Techs and the City event about mental health. I have a lot of experience in this area and have deep concerns about how mental health is handled, both generally in the tech industry, but specifically in cybersecurity. The reception to all the talks was amazing, and I was asked to turn mine into a blog. This is the blog. This is not just my experience but a call to action, so if you have the time please read to […]

“Hackers keep me up at night”

This is something that was said to us by a small business owner who was worried their company and data weren’t secure. To me, a statement like this means the infosec community has made it too difficult for small companies to take security into their own hands and be confident they’ve done it right. How do small companies become secure? Now it’s certainly true that hackers can be scary. There is a strange “unknown” that goes with the idea that someone could be attacking your company, reading your emails or […]

Taking Security Into Your Own Hands

At Digital Interruption we’re passionate about data and passionate about security. As well as offering the usual services you’d expect from a security company, like penetration testing and vulnerability scanning, we also work with companies to help them embed security into the core of their business. We work to advise and empower companies, embedding the skills they need to secure themselves through our training and compliance services. We believe that security is fundamental to development and should be available to everyone, not just those that can afford the hefty prices charged by many […]

So you need a penetration test?

You’ve seen these data breaches in the news and you’re worried it could be you next. With all the talk of GDPR you’re worried a fine could put you out of business. Time to bring in an ethical hacker so they can perform a security or penetration test. These are some of the feelings we heard from some of our SME clients. When they started, security was always something they would think about later and, well, now it’s later. They may have had clients insisting on seeing a penetration test […]