Pen Test Partners

Discord as a C2 and the cached evidence left behind

TL;DR Why Discord appeals to attackers Discord has become an attractive tool for attackers not because it’s malicious, but ...
Pen Test Partners

Spencer Kelly’s Cybersecurity Masterclass

Join Spencer Kelly and Ken Munro for a special Cybersecurity Awareness Month briefing on the biggest threats facing ...
pentestpartners.com

OxCyber Social Event September 2025

Join us for an evening of relaxed networking, conversation, and connection with the local cyber and tech community. OxCyber Socials are designed to bring together cybersecurity professionals, tech ...
Pen Test Partners

A buyer’s guide to CHECK in 2025

TL;DR What is CHECK, when should you use it, and why? CHECK is NCSC’s assurance scheme for penetration testing. It began as a way for government and critical systems to be tested safely, but any ...
pentestpartners.com

GPS watch issues… AGAIN

Over the last year of looking at kids GPS tracking watches we have found some staggering issues. With these devices it almost seems that having multiple security issues is the new normal. While ...
pentestpartners.com

Hacking the Mitsubishi Outlander PHEV hybrid

The Mitsubishi Outlander plug in hybrid electric vehicle (PHEV) is a big-selling family hybrid SUV. It has an electric range of up to 30 miles or so plus petrol range of another 250ish miles. We ...
pentestpartners.com

Cyber threats to shipping explained

The events in Baltimore earlier this year brought maritime cybersecurity into the spotlight. Initial outlandish claims asserted that the MV Dali was certainly hacked, whilst others made the equally ...
pentestpartners.com

How to install Frida into an Android application

On a recent job I was testing a rather interesting piece of technology that had several server side checks but they wanted to add some additional security on the client side. Great!! One of these ...
pentestpartners.com

Pwning WordPress GraphQL

Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovers a vulnerability in a ...
pentestpartners.com

Jeopardising aircraft through TCAS spoofing

The Traffic Alert & Collision Avoidance System or TCAS was first developed in the early 1980s using transponders on aircraft to interrogate other aircraft within a set range about their distance, ...
pentestpartners.com

Airbus Navblue Flysmart LPC-NG issues

LPC-NG or Less Paper Cockpit – Next Generation is an electronic flight bag (EFB) application offered by Navblue, a part of Airbus. It’s used for calculating engine thrust requirements (perf) on ...