Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Apr 10th, 2014
Written by: Admin
News
This week, the OpenSSL security team announced a high-risk vulnerability within a TLS extension of the popular open-source cryptography toolkit. The original advisory can be found here. The advisory indicates that a missing…
Feb 13th, 2014
Written by: Admin
Mobile
Security conscious developers often turn to SQLCipher [1] to encrypt content stored on a device’s file system. SQLCipher is a slightly extended version of SQLite, which allows 256-bit AES encryption…
Jan 24th, 2014
Written by: Admin
News
In October 2013, Dominic Chell and I (Shaun Colley) presented our research and proof-of-concept tool for traffic analysis of encrypted VoIP streams. We focused on Skype as a case study….
Oct 22nd, 2013
Written by: Admin
Exploitation
At HackInTheBox KUL 2013, we demonstrated two possible techniques that could be used to perform side channel attacks on packet captures of encrypted VoIP communications. The two techniques, Dynamic Time…
Feb 15th, 2013
Written by: Admin
News
Overview Threats to mobile apps are well documented, as are the risks posed from jailbreaking, rooting and malware. As we place an increasing level of trust in mobile apps, we…
Jul 16th, 2012
Written by: Admin
News
When performing any kind of product assessment, it is always preferable to have the source code. However, in the real world we all know that this isn’t always possible and…
Jul 8th, 2012
Written by: Admin
News
MDSec will be delivering the WAHH live training course at BlackHat USA again this year. The course syllabus follows the chapters of the Second Edition of The Web Application Hacker’s…
May 10th, 2012
Written by: Admin
Mobile
This if the first in a series of blog posts about iOS and iOS platform security, encompassing and expanding on the MDSec iOS Application (In)Security whitepaper. In this post, MDSec…
May 2nd, 2012
Written by: Admin
Mobile
Today MDSec released a whitepaper detailing some of the vulnerabilities we’ve observed over the past year while performing regular security assessments of iPhone and iPad applications. This whitepaper details some…
Apr 2nd, 2012
Written by: Admin
News
We recently had the pleasure of presenting at OWASP Ireland. The following talk discusses some of the issues we’ve identified during pentests that don’t easily slot in to the categories…