Context Information Security Part of Accenture Security

Blog Posts

  • Web applications
  • Security
  • Malware
  • Vulnerabilities and exploits
  • Incident Response
  • Cyber strategy
  • Threat and Risk Management
  • Product Security
  • Reverse Engineering
  • Tools
  • Mobile
  • Forensics
  • US Excluded
  • Security assessment and testing

22 March 2021
Securing the growing IoT: How government guidance is addressing security concerns
As the IoT continues to grow, questions about the security of devices continue to be...

3 February 2021
DynamicWrapperEx – Windows API Invocation from Windows Script Host
The Component Object Model (COM) was a revolutionary specification when it first appeared in 1995,...

10 December 2020
Being Agile: The benefits of continuous security testing
With more and more organisations adopting modern approaches to development, is it time to adopt...

10 November 2020
A code signing bypass for the VW Polo
Focusing on the infotainment system of the Volkswagen® Polo®, this post will reveal how the security...

16 October 2020
Getting to the right depth: exploring the fundamentals of pentesting
Whether you are an experienced consumer of Penetration Testing services or new to the industry,...

17 August 2020
Losing the human touch
There is a general acceptance that better security behaviours and more desirable outcomes, such as...

1 July 2020
DLL Search Order Hijacking
Context's Intelligence and Response teams have seen DLL Search Order being abused as a means...

25 June 2020
Zoom In: Emulating 'Exploit Purchase' in Simulated Targeted Attacks
Context regularly perform Red Team and Simulated Attacker engagements for several clients. These simulated attacks...

18 May 2020
Optimising Windows Event Logging
This blog outlines some suggestions as to how the value of native Windows Event Logging...

6 May 2020
Getting maximum value out of your Penetration Testing
Whether you are an experienced consumer of Penetration Testing services or new to the industry,...

4 May 2020
A crash course into WPA Enterprise security and deployment
This blog post is the first in a three-part series into WPA security. It will...

28 April 2020
A view from the SOC; maintaining detection capabilities during challenging times
The exponential growth in working from home as a result of COVID-19 has presented a number...

14 April 2020
Don’t compromise your security during the COVID-19 crisis
The COVID-19 pandemic has resulted in an exponential growth in people working from home, meaning...

9 April 2020
Your car is just the casing for a complex computer
Last year, in collaboration with Consumer Magazine Which? and several of their European partners, Context...

8 April 2020
Conducting Onsite Security Testing Remotely
With COVID-19 forcing organisations around the World to quickly adopt remote working practices, not only...

1 April 2020
Cyber Essentials: What is changing?
As of April 1st 2020, the Cyber Essentials Scheme is changing. Previously one of five...

27 March 2020
Open Banking: Open for Business
Context have worked with a number of organisations to help them integrate securely with the...

24 January 2020
The Benefits of Continuous Testing
The traditional approach to security when developing a new software application, IT product or system...

19 December 2019
What makes a good SOC?
We examine how businesses can proactively build resiliency and develop their internal cyber security capability...

3 October 2019
AVIVORE – Hunting Global Aerospace through the Supply Chain
The Threat Intelligence and Incident Response Team at Context Information Security has identified a new...

28 September 2019
Cost Effective Drone Detection
The arms race in the proliferation of drones (small unmanned aircraft systems - SUAS) and...

22 August 2019
Common Language Runtime Hook for Persistence
This blog post explains how it is possible to execute arbitrary code and maintain access...

19 August 2019
Incident Response Planning
Cyber-crime is expected to cost businesses around the globe approximately $6 trillion annually by...

24 July 2019
A Beginner's Guide to Windows Shellcode Execution Techniques
This blog post aims to cover basic techniques for executing shellcode within...

15 July 2019
Understanding Defence in Depth
The world of cyber security can be a confusing place, filled with buzz-words and technical...

8 May 2019
ICS Security - IT vs OT
SCADA, ICS, OT, DCS… there’s a bewildering number of acronyms that have been increasingly used in...

21 March 2019
Why you need to start thinking about supply chain cyber security
A lot of businesses are already addressing the need to have an understanding of their...

22 January 2019
Top Findings from Red Team Engagements
Following on from our previous post about common Red Team findings, we now look at...

8 January 2019
Analysing Red Team Findings
In a recent white paper we took a look at what a Red Teaming test...

20 November 2018
Escaping from Mozilla Firefox in Restricted Environments
How to execute operating system commands by leveraging legitimate functions of Mozilla Firefox.

8 November 2018
Hardware Encryption Weaknesses and BitLocker
Hardware encryption implemented within certain Solid State Drives (SSDs) can be exploited to recover all...

2 November 2018
Security in the (Hybrid) Cloud: Containerization
This is the third and final entry in a series of blog posts looking at...

19 October 2018
Security in the (Hybrid) Cloud: Integrating Internal Systems
This is the second of a series of three blog posts looking at how we...

5 October 2018
Security in the (Hybrid) Cloud: Next Gen Enterprise Infrastructure
Context are increasingly seeing our clients moving services into cloud offerings. The conditions and maturity...

4 September 2018
Lateral movement: A deep look into PsExec
PsExec was originally conceived as a sysadmin tool. It quickly turned into the de facto standard...

14 August 2018
What does cyber insurance cover and is it worth the investment?
Sales of cyber insurance policies are increasing and have been steadily doing so over the...

22 May 2018
Ransomware - Minimising the threat to your business
What steps can you take to protect yourself and your business from becoming a victim...

15 May 2018
Ransomware - First steps to take after identifying an infection
This is Part 3 of our Ransomware series (read Part 1, Part 2 and Part 4 here),...

10 May 2018
Ransomware - Identifying Patient Zero
This blog post aims to provide IT teams with a guide to combat on-going ransomware...

1 May 2018
Ransomware - what is it and why should I care?
This series aims to answer some of the most commonly asked questions about ransomware, give...

4 April 2018
Downgrade SPNEGO Authentication
How to attack a weak authentication protocol for offline password cracking.

21 March 2018
Small Steps Towards a Secure IoT
A few weeks ago, the UK’s Department for Digital, Culture, Media and Sport, along with the...

14 March 2018
Business Email Compromise - A Short Reality Check
Business Email Compromise (BEC) attacks have become an alarmingly common threat - targeting businesses of...

28 February 2018
What is Threat Hunting?
The range of cyber related services and areas of IT service provision can be truly...

24 January 2018
The Anatomy of a Social Engineering Attack
When you hear the word Security, what is your first thought? The likelihood is, the...

10 January 2018
Testing Multi-Step Forms (Part 2)
In the previous blog post, we discussed the general difficulties that come with scoping multi-step...

6 December 2017
Linux Privilege Escalation via Dynamically Linked Shared Object Library
How RPATH and Weak File Permissions can lead to a system compromise.

24 November 2017
Don't Feed Them After Midnight: Reverse-Engineering the Furby Connect
With Christmas almost upon us and "pester season" in full swing, we thought it high...

17 November 2017
Accessing Carbon Black Response via The Command Line
Carbon Black Response is our preferred tool for performing live analysis of activity occurring on...

26 October 2017
Bad Rabbit: What you need to know
The recent outbreak of a ransomware variant known as Bad Rabbit has caused widespread concern,...

18 October 2017
Logging Like A Lumberjack
Many tools that are built specifically for pen-testing, such as BURP suite, already have automatic...

16 October 2017
KRACK Attack: What you need to know
The recently-disclosed Key Reinstallation Attacks (KRACK) are a series of serious weaknesses in the WPA2...

13 October 2017
NYCRR500.05 – Pen test vs Continuous monitoring
The next deadline in the New York State Department of Financial Services’ NYCR500 regulation is...

25 September 2017
XSLT Server Side Injection Attacks
Extensible Stylesheet Language Transformations (XSLT) vulnerabilities can have serious consequences for the affected applications, often...

6 September 2017
Cyber Security - Is it time for a holistic approach?
The traditional view of security for many people is a burly security guard, iron bars...

23 August 2017
Cross Site Scripting, Weak Authentication and TLS still head up critical threats
It’s been two years since Context last took a step back and looked at the...

9 August 2017
An overview of firmware storage options
The security of a device’s firmware, as the first or an early part of a...

28 July 2017
The Neglected Dangers of Email Functionality
A great deal of web applications utilise email to implement functionalities such as user self-registration,...

26 July 2017
On the Difficulties of Multi-Step Forms
In this two-part blog post we will discuss multi-step forms. In Part 1 we look at...

12 July 2017
What's a Security Operations Centre (SOC) and why should I care?
My previous blog post talked about cyber security risk management. This post explains the relevance...

27 June 2017
Petya: What you need to know
Context has become aware of a new self-propagating variant of the “Petya” ransomware which spreads...

12 June 2017
Hacking the Virgin Media Super Hub
Update: Following several queries we can confirm that all Super Hub 2 devices use 'changeme'...

31 May 2017
What is effective cyber security risk management?
Cyber services are currently going through an evolution, moving from the reactive to the proactive,...

19 May 2017
Applocker Bypass via Registry Key Manipulation
AppLocker is the de-facto standard for locking down Windows machines. It is new to Windows...

5 May 2017
Exploiting Vulnerable Pandas
There’s been some debate recently (see the work of Tavis Ormandy, Project Zero) around whether...

20 April 2017
The Resilient Road to Recovery
“It’s not a matter of if your network is compromised but when”. This phrase may...

29 March 2017
Making an NTFS Volume Mountable by Tinkering with the VBR
We recently had to do disk forensics of 10 disks, each of which had a...

15 February 2017
Phwning the boardroom: hacking an Android conference phone
At Context we’re always on the lookout for interesting devices to play with. Sat in...

7 February 2017
User Awareness: An Important Tool in Protecting Your Organisation from Cyber Threats
Making your employees aware of the cyber threats they might face, both at work and...

24 January 2017
WAP just happened to my Samsung Galaxy?
This is the third in a series of blogs about how, even in 2017, SMS-based...

21 December 2016
Manipulating client-side variables in Java applications
Penetration testing of thick client applications is a common service performed at Context. For those...

2 November 2016
Securing Corporate Mobile Devices
Mobile computing is well and truly ubiquitous, and has transformed the business world. But the...

13 October 2016
The Perils of Public Wireless Networks: How I Stole Your Hash
It’s a question that gets asked all the time – “How Do I keep my...

21 September 2016
Porting exploits to a Netgear WNR2200
Software vulnerabilities and the accompanying exploits are still all too common. Fortunately the response to...

15 September 2016
Analysing and repurposing Spartan's CVE-2015-7645
For this blog post we’ve chosen to analyse a Flash exploit utilised by the Spartan...

31 August 2016
Using SMB named pipes as a C2 channel
Intrusion detection systems are becoming increasingly more capable of detecting malicious activity on the corporate...

16 August 2016
Manually Testing SSL/TLS Weaknesses 2016 Edition
In 2015 Jay Kalsi and Daniel Mossop released a blogpost for Context that explained how...

10 August 2016
Attacks on HTTPS via malicious PAC files
In our last blog post, Sniffing HTTPS URLS with malicious PAC files, we described issues identified in...

2 August 2016
Obfuscation, Encryption & Unicorns… Reversing the string encryption in the Pangu 9.3 jailbreak
Like many others I was happy to read the news that team Pangu released a...

27 July 2016
Sniffing HTTPS URLS with malicious PAC files
In March this year we discovered an issue with the way many web browsers and...

18 May 2016
The Security of HTTP-Headers
When it comes to web application security one often thinks about the obvious: Sanitize user...

5 May 2016
Bluetooth LE - Increasingly popular, but still not very private
In May last year we wrote a blog post on our initial research on Bluetooth...

20 April 2016
The rise and rise of red teaming
Red team testing is increasingly being employed by organisations across the business spectrum, but particularly...

6 April 2016
Subverting the Agent on Network PATROL
A Red Team engagement led to the team discovering unprotected credentials encrypted with an infrastructure...

31 March 2016
Protecting Against the Insider Threat
The trusted insider threat remains one of the most potent, yet least understood, of the...

16 March 2016
An Introduction to Debugging the Windows Kernel with WinDbg
Being able to examine the inner workings of an operating system is a powerful ability....

2 March 2016
The New glibc Vulnerability that Desperately Needs a Name
A lighthearted view on the latest glibc vulnerability and how it compares to similar older...

17 February 2016
Do you remember this packet?
Whilst attempting to recover the DNS cache from a Windows memory sample, we made a...

14 December 2015
Communicating a Cyber Attack - A Retrospective Look at the TalkTalk Incident
The recent breach at TalkTalk received extensive coverage in the media and led to several...

30 November 2015
EsPReSSO a refreshment on the hunt for Single Sign-On
EsPReSSO was developed as a Bachelor thesis in IT-Security by Tim Guenther, at Ruhr-University Bochum,...

26 November 2015
Building a SOC: Thinking About Effective Incident Management
While incident response is what we most often talk about, we also do a lot...

16 November 2015
Data Exfiltration via Blind OS Command Injection
On a penetration test or CTF challenge you may come across an application that takes...

2 November 2015
The Cyber Threat and Terrorism
The concept of cyber terrorism, or extremists utilising offensive cyber techniques, is one that gains...

19 October 2015
Make a Django app insecure? It's not easy and that's a good thing!
The OWASP Top 10 describes the most critical and most commonly occurring security flaws in web...

5 October 2015
Alarm bells ringing!
We like to look at the security of consumer and commercial products, either as a...

21 September 2015
Hacking without Computers – An Introduction to Social Engineering
The concept of manipulating people and processes for some benefit pre-dates the invention of computers...

15 September 2015
Nation States: The Godfathers of Targeted Attacks
For many years the world of targeted cyber attacks was limited to nation states; few...

8 September 2015
A Scout’s Guide to Incident Response
This part of our blog series, covering the recent work we have done with the...

2 September 2015
Good advice, a rare commodity?
Information is the lifeblood of effective cybersecurity. Without a current understanding of the threats, protections, technologies...

17 August 2015
KGDB on Android - Debugging the kernel like a boss
A few months back I purchased the Android Hacker's Handbook. For those of you who...

20 July 2015
Wireless Phishing with Captive Portals
In this post we describe a simple technique that has been around for some time...

7 July 2015
DNSWatch - When a full DNS tunnel is just too much
During certain engagements it is a requirement to extract data from a network - or...

10 June 2015
The recent US government data breach: big data techniques, a driving force behind a large scale cyber espionage programme?
The recent cyber-attack against the Office of Personnel Management (OPM) has resulted in the compromise...

21 May 2015
The Emergence of Bluetooth Low Energy
This is the first blog on our work on Bluetooth Low Energy (BLE). For an...

13 May 2015
Wireless Gridlock in the IoT
"What good is a phone call when you are unable to speak?" When people mention...

13 April 2015
Breaking the law: the legal sector remains an attractive target; why not turn cyber security into an opportunity?
The legal sector will remain an attractive target for the full spectrum of threat actors;...

30 March 2015
SQL Inception: How to select yourself
In this blog post I will describe a few ways to view the whole SQL...

16 March 2015
RFID Tags in Access Control Systems
One of our recent engagements required us to explore an unknown RFID tag which was...

2 March 2015
Thanks for the Memories: Identifying Malware from a Memory Capture
We've all seen attackers try and disguise their running malware as something legitimate. They might...

12 September 2014
Hacking Canon Pixma Printers - Doomed Encryption
This blog post is another in the series demonstrating current insecurities in devices categorised as...

5 August 2014
A Cruel Interest: Attacker motivations for targeting the financial services sector
Beyond the bank robber motivations, what else is likely to drive attacks against the financial...

12 June 2014
Careto Malware Masks Ancient but Deadly Virus DNA
Kaspersky recently discovered a new family of malware, dubbed ‘The Mask’ or ‘Careto’, which it...

29 May 2014
Altiris-La-Vista: The Secrets Within…
Recently at Context we were asked by a client to perform an infrastructure test on...

17 December 2013
Expressing Yourself: Analysis of a Dot Net Elevation of Privilege Vulnerability
In the .NET framework sandboxing is implemented by running code with 'Partial Trust' which uses...

7 December 2013
Malware 1 - From Exploit to Infection
In this series of posts I will be looking at the most recent malware attacks...

11 October 2013
Are You Following Me?
A client approached us this week with an interesting issue: several members of their staff...

15 July 2013
The Day of the Ball is not the Time to Learn to Dance
For years organisations around the world have looked at the risks that they face and...

14 June 2013
The Crouching Tiger at the IHS Watering Hole
This blog post details the investigation of a recent watering hole attack that we observed...

19 April 2013
Java Pwn2Own
On 16th April Oracle released Java 7 Update 21 (which you should install now if...

31 May 2012
SAP Exploitation – Part 3
In this post of the series, I will go into some detail on the various...

26 January 2012
Malware 2 - From Infection to Persistence
In my previous posting, a malicious PDF was analysed that originated from a targeted email...

6 November 2011
Server Technologies - HTTPS BEAST Attack
A number of our clients have asked for advice regarding the HTTPS BEAST attack. This...

30 August 2011
SAP Exploitation – Part 2
This is the second in a series of posts about SAP infrastructure security, specifically related...

16 June 2011
WebGL – More WebGL Security Flaws
In this blog post Context demonstrates how to steal user data through web browsers using...

9 May 2011
WebGL - A New Dimension for Browser Exploitation
Due to the high level of interest in Context’s blog posting on the Security issues...

© 2021 Context Information Security