Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Dec 10th, 2019
Written by: Admin
ActiveBreach
Last year I posted a few tricks to help when targeting MacOS users, and included a technique useful for spoofing file extensions with the aim of taking advantage of Finder’s…
Feb 13th, 2019
Written by: Admin
ActiveBreach
In March 2018 we released SharpShooter, a framework for red team payload generation. We followed up with further updates and new techniques in June. Like many offensive tools, the framework…
Jan 22nd, 2019
Written by: Admin
ActiveBreach
Background The Office add-ins platform allows developers to extend Office applications and interact with document content. Add-ins are built using HTML, CSS and JavaScript, with JavaScript being used to interact…
Jan 2nd, 2019
Written by: Admin
ActiveBreach
No matter where you turn, it’s hard to miss just how much of an effect the Blockchain has had on our daily lives. Being the backbone of the digital currency…
Dec 17th, 2018
Written by: Admin
News
Introduction We recently performed an Insider Threat red team engagement, posing as employees within the company. We were provided with all the benefits of a regular employee (except salary :))…
Oct 26th, 2018
Written by: Admin
ActiveBreach
Sometimes when you are in the middle of an engagement, you will come across a hurdle which requires a quick bit of research, coding, and a little bit of luck….
Aug 21st, 2018
Written by: Admin
News
Overview Title: CouchDB Arbitrary Write Local.ini Configuration Authenticated Remote Code Execution Version: <=2.1.1 Researcher: Francesco Oddo at MDSec Labs (https://www.mdsec.co.uk) Disclosure Date: 5/01/2018 Public Disclosure Date: 30/04/2018 Severity: High Description…
Jul 11th, 2017
Written by: Admin
News
Prior to commencing any red team engagement, it is important to carefully consider how your infrastructure will be designed. As part of this process, one pivotal consideration is the host/domains…
Mar 23rd, 2017
Written by: Admin
Exploitation
This year’s Pwn2Own contest saw the majority of the main stream browsers being compromised once again, highlighting that we still have some way to go for a secure browsing experience….
Feb 13th, 2017
Written by: Admin
ActiveBreach
Tor, also known as The Onion Router as well as the Dark Web is a network that is aimed to conceal its users’ identity and their online activity from surveillance…