TL;DR  Introduction   I’m a huge fan of micro generation and domestic power storage batteries. However, as we dash for net zero, one of the ways to balance the grid is to capitalise on EV batteries ...

Why this sector is different Retail systems are designed for speed and convenience. That usually means lots of integration points, frequent change, and a long list of third parties that touch customer ...

The Mitsubishi Outlander plug in hybrid electric vehicle (PHEV) is a big-selling family hybrid SUV. It has an electric range of up to 30 miles or so plus petrol range of another 250ish miles. We ...

For those that followed my personal blog posts on Creating an EDR and Bypassing It, I developed a new tool called SharpBlock. The tool implements a Windows debugger to prevent EDR’s or any other DLL ...

Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovers a vulnerability in a ...

In a previous post we discussed the potential consequences of tampered take-off performance applications. We now discuss the integrity of Approach and Landing Performance applications, and potential ...

CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, ...

I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...

Six months ago the UK’s Glastonbury Town Council set up a 5g Advisory Committee to explore the safety of the technology, and last month the local paper reported their findings. This statement is in ...

The ability to edit Group Policy Object (GPOs) from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what ...

This is the second in a three-part series looking at the key steps for an effective investigation, response, and remediation of email-based threat in M365. Part one looked at the key artefacts to ...

Back in the day, it used to be easy to enumerate email addresses from forgotten password forms. Differences in the response made it easy to check if accounts existed. After that, you could brute force ...