• Our Services
  • Knowledge Centre
  • About
  • Contact
  • Our Services
    • Adversary Simulation
    • Application Security
    • Penetration Testing
    • Response
  • Knowledge Centre
    • Insights
    • Research
    • Training
  • About
  • Contact
  • Adversary

    Adversary Simulation

    Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
  • Application Security

    Application
    Security

    Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
  • Penetration Testing

    Penetration
    Testing

    MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
  • Response

    Response

    Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.

  • Research

    MDSec’s dedicated research team periodically releases white papers, blog posts, and tooling.

  • Training

    MDSec’s training courses are informed by our security consultancy and research functions, ensuring you benefit from the latest and most applicable trends in the field.

  • Insights

    View insights from MDSec’s consultancy and research teams.

  • Containerised Browsing with Docker

    Mar 23rd, 2017

    Written by: Admin

    Exploitation

    This year’s Pwn2Own contest saw the majority of the main stream browsers being compromised once again, highlighting that we still have some way to go for a secure browsing experience….

  • TOR Fronting – Utilising Hidden Services for Privacy

    Feb 13th, 2017

    Written by: Admin

    ActiveBreach

    Tor, also known as The Onion Router as well as the Dark Web is a network that is aimed to conceal its users’ identity and their online activity from surveillance…

  • Domain Fronting Via Cloudfront Alternate Domains

    Feb 4th, 2017

    Written by: Admin

    ActiveBreach

    These are not the domains you are looking for… A technique known as Domain Fronting was recently documented for circumventing censorship restrictions by Open Whisper Systems. The benefits of this…

  • Eventvwr File-less UAC Bypass CNA

    Dec 6th, 2016

    Written by: Admin

    ActiveBreach

    Matt Nelson recently released a very useful, file-less UAC bypass using Event Viewer which was quickly implemented in to a Metasploit module by @TheColonial. Following this, we decided to release our own implementation…

  • Tool Release: CredHunter

    Jan 22nd, 2016

    Written by: Admin

    ActiveBreach

    Sometimes when conducting internal assessments or even simulated attacks, you may want the ability to quickly identify weak credentials in your environment. We often faced this problem which led to…

  • Protected Mode: A Case of When No Means Yes

    Dec 8th, 2015

    Written by: Admin

    ActiveBreach

    Browser exploitation is continually getting more challenging as defenders constantly introduce new protections, moving the goal posts further and further away. Memory corruption on the latest Internet Explorer is now not…

  • Automating Oracle Penetration Tests

    Awaiting Image

    Oct 12th, 2011

    Written by: Admin

    Penetration testing

    Some time in 2008, we developed a framework for automating Oracle penetration tests. The framework was called OAP, which stood for Oracle Attack and Penetration. However, due to the lack…

Page 6 of 6First«5 6

Recent Posts:

  • Red Teaming with ServiceNow
  • Extracting Account Connectivity Credentials (ACCs) from Symantec Management Agent (aka Altiris)
  • Nighthawk 0.3.3 – Evanesco
  • From Panic to Prepared: How To Become DORA Compliant
  • When WAFs Go Awry: Common Detection & Evasion Techniques for Web Application Firewalls

Archive:

  • March 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • June 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024

Page Links:

  • Responsible Disclosure Policy
  • Nighthawk
  • Privacy Policy
  • MUTUAL NON-DISCLOSURE AGREEMENT
  • Home
  • Our Services
    • Adversary Simulation
      • Red Team Operations
      • Purple Teaming
    • Application Security
      • Application Security
      • Large Language Models
      • Mobile Security
    • Penetration Testing
      • Infrastructure Security
      • Product Assessment
      • Cloud Security Assessment
    • Response
      • Retained Response
      • Emergency Response
      • Cyber Readiness
  • Knowledge Centre
    • Insights
    • Research
    • Training
  • About
  • Careers
  • News
  • Contact
MDsec

Services

  • Adversary Simulation
  • Application Security
  • Penetration Testing
  • Response

Resource Centre

  • Research
  • Training
  • Insights

Company

  • About
  • Contact
  • Careers
  • Privacy

t: +44 (0) 1625 263 503
e: contact@mdsec.co.uk

32A Park Green
Macclesfield
Cheshire
SK11 7NA

Accreditations

Best
IT Health Check Service
Crest Star
Crest
Cyber Essentials
British Assessment Bureau
Copyright 2025 MDSec