TL;DR Introduction   When it comes to being security aware, there are seemingly endless things you need to consider. Here are ...

TL;DR Introduction If you are a computer nerd, it’s statistically likely you’ll be self-hosting multiple kinds of web ...

Tl;DR Introduction In my previous job as the SOC manager for a public sector organisation, I would often see attempts from ...

TL;DR Introduction When responding to an incident, logs provide a vital record of events within a system and serve as a critical source of evidence during an incident investigation. They help identify ...

In the field of maritime cyber, we often cite the movie Speed 2: Cruise Control from 1997 as an interesting prediction of the future. It illustrates the reality of today quite well, despite being ...

Discord has become an attractive tool for attackers not because it’s malicious, but because it’s legitimate and trusted. It often flies under the radar of security controls and offers features that ...

On a Red Team engagement we entered a busy multicloud estate. AWS, GCP and Azure were all used, with Terraform Cloud orchestrating every change. That brings speed and consistency, but it also ...

Windows thumbnail cache, or thumbcache, is a well-known forensic artifact, but often one that is overlooked. The thumbcache stores small previews of images, videos and documents and can persist even ...

We investigated a ransomware incident on a Windows Server 2012 host running in an SFTP-only role. The attacker delivered an attack that combined remote code execution, persistence, tunnelling, and a ...

The Content Security Policy (CSP) is a layer of security for web applications that helps detect and stop client-side attacks such as Cross-Site Scripting (XSS), Clickjacking, data exfiltration, or ...

The UK Cyber Security and Resilience Bill (CS&R) was announced last year in the King’s Speech. It addresses gaps in current regulation, like NIS, with a broader scope, enhanced incident reporting ...