Pen Test Partners

Discord as a C2 and the cached evidence left behind

TL;DR Why Discord appeals to attackers Discord has become an attractive tool for attackers not because it’s malicious, but ...
Pen Test Partners

A buyer’s guide to CHECK in 2025

TL;DR What is CHECK, when should you use it, and why? CHECK is NCSC’s assurance scheme for penetration testing. It began as a way for government and critical systems to be tested safely, but any ...
pentestpartners.com

Start hacking Bluetooth Low Energy today! (part 1)

Use Linux and a Bluetooth adapter card—this could be a built-in or cheap USB dongle. It’s probably FREE to most practicing hackers. Remember that Raspberry Pi 3 (or newer) sitting in your drawer?
pentestpartners.com

Terraform Cloud token abuse turns speculative plan into remote code execution

On a Red Team engagement we entered a busy multicloud estate. AWS, GCP and Azure were all used, with Terraform Cloud orchestrating every change. That brings speed and consistency, but it also ...
Pen Test Partners

Society for Computing & Law – Cybersecurity & Law Conference

A Live Demonstration of Vulnerability and Exploitation  Witness firsthand how an AI tool can be compromised in this revealing ...
Pen Test Partners

BSides Bristol 2025

All at sea. Thought your OT / IT infrastructure was complex? Try doing it on a cruise ship. Cruise ships are among the most complex environments you’ll find in a single moving location. They combine ...
pentestpartners.com

DFIR tools and techniques for tracing user footprints through Shellbags

Shellbags are a valuable forensic artifact, providing analysts with information about user interactions with folders in Windows. These registry keys record metadata such as folder paths, view settings ...
pentestpartners.com

Thumbnail forensics. DFIR techniques for analysing Windows Thumbcache

Windows thumbnail cache, or thumbcache, is a well-known forensic artifact, but often one that is overlooked. The thumbcache stores small previews of images, videos and documents and can persist even ...
pentestpartners.com

How to transfer files in AWS using SSM

You’ve done a build review on a host and need to get files from a host, or need to access an application, for example, a Nessus instance running internally. There’s always evidence generated, but ...
pentestpartners.com

Android Services 101

Along with user interactive tasks, Android needs a method of running things in the background. There are multiple methods of doing this, but the most common method is the service. This is a task that ...
pentestpartners.com

Rethinking cyber insurance questions to find real risk

I’ve been advising on cyber risk in the insurance sector for over a decade. It still surprises me how many proposal forms include questions that offer very little insight into the actual risk being ...