Our Blog

Our news

All you need to know

Not-quite-triangulation using the who’s near me feature in location-aware web apps

Reading time: ~3 min
When assessing web applications, we typically look for vulnerabilities such as SQLi and XSS, which are generally a result of...

DET – (extensible) Data Exfiltration Toolkit

Reading time: ~2 min
Often gaining access to a network is just the first step for a targeted attacker. Once inside, the goal is...

Advanced Cycript and Substrate

Reading time: ~9 min
Mobile assessments are always fun as the environment is constantly evolving. A recent trend has been the use of custom...

Android hooking with Introspy

Reading time: ~8 min
Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for...

Understanding Locky

Reading time: ~10 min
A few days ago I was asked to have a look at the newly emerged crypto-ransomware threat “Locky” which utilises Dridex-like Command and Control...

Bringing the hashes home with reGeorg & Empire

Reading time: ~4 min
Is not a hack until you are 3 tunnels deep – Ian de Villiers External assessments. It’s about not only...

Sensepost Maltego Toolkit: Skyper

Reading time: ~4 min
Collecting and performing Open Source Intelligence (OSINT) campaigns from a wide array of public sources means ensuring your sources contain...