Pen Test Partners

Compromising a multi-cloud environment from a single exposed secret

TL;DR Introduction In practice, it is still hard to keep secrets safe in the cloud. All major cloud service providers have ...
Pen Test PartnersOpinion

AI noise and the effect it’s having on vulnerability disclosure programs

Managing vulnerability reports is difficult for an organisation.  In an ideal world, something like this happens: Everyone is ...
Pen Test Partners

2025, the year of the Infostealer

TL;DR Introduction Infostealers are not new malware. They have been around for decades. What has changed is how effective ...
Pen Test Partners

PCI London Summit 2026

Our Paul Brennecker and Charles Hunter will be attending.
pentestpartners.com

Pwning CCTV cameras

CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, ...
pentestpartners.com

Bypassing MFA on Microsoft Azure Entra ID

On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network. But we had not yet gained access to their cloud estate, which was hosted in Azure. Our ...
pentestpartners.com

Watch where you point that cred! Part 1

Unauthorised network access remains a significant threat, especially for organisations lacking robust network security controls. If an attacker infiltrates a building and connects their device to the ...
pentestpartners.com

Cyber threats to shipping explained

The events in Baltimore earlier this year brought maritime cybersecurity into the spotlight. Initial outlandish claims asserted that the MV Dali was certainly hacked, whilst others made the equally ...