News

In part one we started hacking Bluetooth and made a little £2 key-finder beep using only Android and Linux. If you haven’t ...
Ken Munro is presenting: Hacking planes. What can we learn on the ground from vulnerabilities in the air? Flying is safe, far safer than many other modes of transport. However, aeroplanes are ...
TL;DR Before you start First off, before we start, Bluetooth hacking can be confusing: there are lots of references to tools that are a bit outdated, scripts that don’t run, and more. The actual ...
Andrew Tierney is presenting at “It Doesn’t Have to Be That Hard: Battle of the Hardware Hacking” This September, OWASP Manchester hosts two leading voices in hardware hacking: Jay Harris and Andrew ...
The Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) is a big-selling family hybrid SUV. It has an electric range of up to 30 miles or so plus petrol range of another 250ish miles. We ...
I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...
To make development easier, mobile applications are built on APIs, then a front end for iOS or Android is designed which calls those API endpoints. APIs are generally protected by some form of ...
CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, ...
If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...
I gave a talk in Athens recently to a number of shipping lines about infosec. One thing that struck me was the similarities between the challenges maritime cyber is facing now and the challenges ...
The UK Government Environment Agency website had an open redirect that was actively being used to redirect to various porn sites, including OnlyFans clone sites. Disclosure should have been easy but wasn ...
The tool outputs “hash matches” if no AMSI tampering has been detected within launched PowerShell processes. The main window demonstrates running Mimikatz via PowerShell using SharpBlock. The first ...