Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Mar 21st, 2025
Written by: Tim Carrington
ActiveBreach
Introduction Over the course of numerous Red Team engagements MDSec has often gained privileged access to a target’s ServiceNow instance. This has, in turn, facilitated a variety of compromise actions…
Dec 3rd, 2024
Written by: Admin
ActiveBreach
Introduction On a recent Red Team for a particularly hardened client, we were looking to escalate our privileges in order to move off the endpoint and pivot into the server…
Nov 29th, 2024
Written by: Admin
ActiveBreach
Introduction Nov 29, 2024 Nighthawk C2 – This post is cross posted to the Nighthawk blog. Nighthawk 0.3.3; Evanesco, unveils our latest research. “Evanesco” is a Latin term that means “I…
Sep 13th, 2024
Written by: Admin
ActiveBreach
The Digital Operational Resilience Act (DORA) is a landmark European Union (EU) regulatory framework that requires mandatory compliance from January 2025. DORA emphasises the importance of resilience for digital assets…
Jun 17th, 2024
Written by: Admin
ActiveBreach
OpSec and evasion are two of the most important factors for red team success in modern day operations, and Nighthawk continues to lead the way in innovation on this front….
Apr 25th, 2024
Written by: Admin
ActiveBreach
VirtualBox is a popular open source, cross-platform, virtualization software developed by Oracle Corporation. Earlier this year we identified an arbitrary file move vulnerability in the VirtualBox system service service that…
Mar 21st, 2024
Written by: Admin
ActiveBreach
March, 2024 Last week, the Bank of England announced the introduction of a new regulatory framework, STAR-FS, to support the financial sector in its cyber resilience operations. Over 4 years…
Feb 12th, 2024
Written by: Admin
ActiveBreach
The Directory Service is the heart and soul of many organisations, and whether its Active Directory, OpenLDAP or something more exotic, as a source of much knowledge it often acts…
Jan 12th, 2024
Written by: Admin
ActiveBreach
Overview Visual Studio is a complex and powerful IDE developed by Microsoft and comes with a lot of features that can be interesting from a red team perspective. During this…
Sep 27th, 2023
Written by: Admin
ActiveBreach
Overview See no evil, hear no evil, speak no evil. This Japanese maxim epitomises the EDRs coming up against our latest release of Nighthawk. Following copious amounts of research and…