Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Feb 4th, 2017
Written by: Admin
ActiveBreach
These are not the domains you are looking for… A technique known as Domain Fronting was recently documented for circumventing censorship restrictions by Open Whisper Systems. The benefits of this…
Dec 6th, 2016
Written by: Admin
ActiveBreach
Matt Nelson recently released a very useful, file-less UAC bypass using Event Viewer which was quickly implemented in to a Metasploit module by @TheColonial. Following this, we decided to release our own implementation…
Oct 3rd, 2016
Written by: Admin
Exploitation
In August, @MDSecLabs delivered a talk at the Manchester BSides titled “Breaking and Entering, Hacking Consumer Security Systems”. The talk outlined research that we had performed in to the security (or…
Jan 22nd, 2016
Written by: Admin
ActiveBreach
Sometimes when conducting internal assessments or even simulated attacks, you may want the ability to quickly identify weak credentials in your environment. We often faced this problem which led to…
Dec 8th, 2015
Written by: Admin
ActiveBreach
Browser exploitation is continually getting more challenging as defenders constantly introduce new protections, moving the goal posts further and further away. Memory corruption on the latest Internet Explorer is now not…
Nov 27th, 2015
Written by: Admin
Mobile
Vulnerability Description The Samsung Voice application provides a means to control your smartphone through voice commands, such as initiating calls to the device’s contacts. It is installed by default on…
Oct 8th, 2015
Written by: Admin
Exploitation
During a recent penetration test, MDSec found several vulnerabilities in a RF spectrum analyzer that was exposed to the Internet. The SED Systems Decimator D3 is the third generation of SED’s popular…
Apr 2nd, 2015
Written by: Admin
Mobile
As you may have heard, our latest publication the Mobile Application Hacker’s Handbook is out. When you’re writing a book you have to agree a number of things with the…
Mar 27th, 2015
Written by: Admin
News
If you’re interested in web and/or mobile security and want to learn some cutting-edge techniques, then we have just the thing! This April and June we’re running two training courses…
Mar 11th, 2015
Written by: Admin
Mobile
We recently became aware of a device known as an IP Box that was being used in the phone repair markets to bruteforce the iOS screenlock. This obviously has huge…