We offer a range of consultancy services that can be tailored to meet your organisations needs. Our consultancy team consists of the best information security talent around the world. We have experts across all fields of enterprise and consumer technology, from low-level hardware hacking, to sophisticated and targeted attacks where custom exploits and implants are required.
Our ActiveBreach team simulate the TTPs of real adversaries to assess your organisation at each step of the cyber kill chain.
Our mobile assessments are backed by global training, publications and the Mobile Application Hacker’s Handbook.
Determine the hidden truth behind your little black boxes with our detailed hardware assessment services.
Leverage the team behind the industry-leading Web Application Hacker’s Handbook.
Our trusted team can analyse network intrusions and malware samples to provide valuable intelligence on intrusions.
Our CREST and CHECK team leverages years of experience in assessing external and internal corporate infrastructure.
Ensure your assurance programme covers key specialist systems such as SCADA and ICS.
Managed phishing exercises provide insight into user behaviour and test the effectiveness of user awareness training.
Description A remote code execution issue in SharePoint Online via Workflows code injection was reported to Microsoft in November 2019 which was addressed immediately on the online platform. However, the main issue was patched in .NET Framework in January 2020. Therefore, the SharePoint On-Premise versions which do not have the January 2020 .NET patch are still affected. It should be...
Last month, a critical vulnerability in Citrix ADC and Citrix Gateway was published under CVE-2019-19781. The vulnerability caught our attention as it suggested that an unauthenticated adversary could leverage it to compromise the device. Although the original discovery was made by Positive Technologies and Paddy Power Betfair, there were no details publicly available on how to exploit this, as such...
