

23 January 2016 by Matthew Byrne

Background As we’re all aware by now, “the cloud” is the term given to the provision of services and applications that are hosted on the Internet, instead of traditionally on a business’s own premises. Cloud computing provides users and businesses with the ability to store and process their data in third-party data centres with the much advertised benefits of being able to get their applications up and running faster, with improved manageability and reduced downtime; allowing businesses … Read More »

29 June 2015 by Lynda Curtis

Perspective Risk (PR) is pleased to announce it has been recognised as a highly innovative digital business by the Innovation and Enterprise Digital Fund (INV-ENT Digital). PR was chosen to receive a funding award based on an innovative digital solution in a highly competitive and oversubscribed selection process. “The new portal will provide our clients with fast, seamless access to the comprehensive range of professional services offered by PR, whilst still giving the high level of … Read More »

Category: Announcements
4 April 2015 by Matthew Byrne

Title: Thinfinity Remote Desktop Workstation Directory Traversal Flaw
Version: Thinfinity Remote Desktop Workstation v.
Vendor: Cybele Software, Inc
Release Date: 01/04/2015

Summary
Thinfinity Remote Desktop Workstation was found to be vulnerable to an unauthenticated directory traversal flaw.

Impact
Exploiting this flaw allows an adversary to gain unrestricted access to system resources on the affected host as the service runs in the context of Local System (by default).

Unaffected Products
Thinfinity Remote Desktop Workstation v. (32-bit and 64-bit) … Read More »

25 September 2014 by Matthew Byrne

Overview The information security field has been lit up over the last few hours discussing “Shellshock” the next Heartbleed type vulnerability (in terms of severity), the jury is still out as to whether this is worse but it’s certainly looking to be at least as bad as Heartbleed at this stage in proceedings. In the Wild Perspective Risk has already identified scan attempts looking for the vulnerability, albeit from a security researcher conducting an assessment of the … Read More »

30 July 2014 by Dave Stroud

Following on from my first blog post, hopefully you’ve now grasped the basics of XSS, so we can move onto some slightly more advanced areas. As mentioned in the previous post, we’ll be covering event handlers today. We’re also going to take a look at breaking out of HTML tags, as this is another essential part of exploiting XSS flaws and web security!   Event Handlers Event handlers are special JavaScript functions that perform an action based … Read More »

18 September 2013 by Dave Stroud

This is a quick script I wrote for converting to Unicode and back when using string.fromCharCode() to circumvent filters in Cross Site Scripting attacks.

#!/usr/bin/python2.7

import argparse
import sys
import re

def CharCode(text):
    print "<script>eval(String.fromCharCode(",
    for count, … Read More »

17 September 2013 by Dave Stroud

Following on from my MySQL Injection Practical Cheat Sheet here is the MSSQL version. As before, I will list the injections by their categories: union based, error based and inferential (time and boolean). Wherever you see @@version below (used to find the database version), you can replace it with:

  • db_name() – to extract database name
  • user_name() or user() – to extract the username the database runs under
  • @@servername – to extract the server name
  • host_name() – to extract the host name

Note that, in the … Read More »

21 May 2013 by Finian Mackin

Kali Linux – Pentesting for the masses? My previous blog post looked at the changing face of the Backtrack / Kali rebirth and how the Offensive Security team, along with Rapid7, are looking at progressing into the Enterprise space. In this post I will be looking a bit closer at the Kali distribution itself and getting to the bottom of some of the changes and reasoning behind the move.   Progression to a more standardised approach At its core, it’s a move … Read More »

15 May 2013 by Finian Mackin

Penetration testing for the masses with Kali Kālī (Sanskrit: काली, IPA: [kɑːliː]), also known as Kālikā (Sanskrit: कालिका), is the Hindu goddess associated with empowerment, shakti. The name Kali comes from kala, which means black, time, death, lord of death, Shiva.   Interesting and a little scary on first glance, but perhaps more relevant to us, Kali Linux is the new generation of the industry-leading Backtrack Linux penetration testing and security auditing distribution. Kali Linux is a complete re-build … Read More »

23 April 2013 by Finian Mackin

Instant Penetration Testing: Setting Up a Test Lab How-to [Instant] by Vyacheslav Fadyushin, is available now from Packt Publishing at a price of £6.99 £5.94. It is aimed at the prospective or novice security consultant and will give a high level look at the penetration test process, methods and training requirements for someone to get their teeth into.   The Beginning The text starts by conveying the ethos and components of a penetration test in a logical and easy to understand fashion, … Read More »

25 March 2013 by Abdul Ikbal

NFSShell is a neat little tool that allows user level access to an NFS server and its NFS shares. It can be used by penetration testers to exploit known issues with the NFS Service typically associated with the port 2049/tcp. A whole host of vulnerabilities are associated with an NFS share being exposed. The screenshot below shows several simple steps I took to view an NFS share available to mount on the host. I then used the … Read More »

25 March 2013 by Dave Stroud

There are a lot of excellent SQL injection cheat sheets out there; however, I found the majority provide only the components of a SQL injection rather than an entire, working string. As a result, successfully putting a valid query together can take some trial and error and waste precious time. I have thus attempted to create a list of pre-made strings for each type of SQL injection so that they can simply be pasted in with little modification.   … Read More »

30 January 2013 by Dave Stroud

Continuing on from my previous post where we took a look at the key JavaScript functions needed to perform more advanced XSS attacks, in this post we’ll be looking at how we can use injected iframes to harvest login credentials. We will do so by creating a full screen iframe of the site’s login page and then edit the action of the login form on the fly so that it points to a credential stealing PHP script we host … Read More »

8 November 2012 by Pravesh Kara

We are very pleased to announce that we have successfully recertified as a CREST Member Company. Information Security companies under the CREST scheme must recertify every year to ensure they are meeting the stringent standards required. Our recertification thus reflects our ongoing commitment to providing a world class penetration testing service.

Category: Announcements
7 November 2012 by Dave Stroud

It seems like just yesterday we were scrambling up Scafell Pike in our last PRCON; however, an entire year had flown by and so it was time for PRCON 2012! We thus jetted off from our respective homes all round the country and met in Northampton for two days of presentations, group activities and plenty of drinking! We also had the pleasure of formally meeting the two new cogs in the Perspective Risk Information Security machine, Ash and … Read More »

Category: Announcements
31 October 2012 by Dave Stroud

When encountering a Cross-Site Scripting (XSS) flaw, it is standard practice for a penetration tester to inject: <script>alert(document.cookie)</script> Which will pop up an alert box displaying their cookie. A screenshot of this, accompanied by a description of a hypothetical attack scenario, such as “an attacker could exploit this to redirect users to a malicious site” or “an attacker could leverage this to harvest login credentials”, will then form the evidence and consequences of the issue in the … Read More »

16 October 2012 by Dave Stroud

By default, VMware Player will use Network Address Translation (NAT) to provide your virtual machine (VM) with network connectivity. At a basic level, this means that your VM will share an IP address with your host operating system (OS). Your host will then use the concept of NAT to ensure that responses to traffic emanating from your VM are directed to it accordingly.   Using NAT is fine for the majority of VM usage, however, there are some circumstances where it’s better to have your VM in bridged mode. When bridged, a VM … Read More »

16 October 2012 by Dave Stroud

Without doubt, there are many small business owners who realize the benefits of a penetration test and want to secure their infrastructure; however, many more will be of the opinion that they need not concern themselves with the security of their network as they have no information a hacker would ever find useful. This mindset, that of ‘security through anonymity’, is inherently flawed as in reality, every business network, regardless of size, likely contains something useful for a hacker. It can be … Read More »

30 June 2012 by Minh-Dat Lam

Greetings! Continuing from my first blog about the journey of reverse engineering, I’d like to make a quick post about the fundamentals of code analysis as an expansion of the reverse engineering topic at the end of my first blog. I believe that if you want to be a true hacker or forensic investigator, the understanding of how software works at a code level is essential. You need to be able to either break down the exploit code, … Read More »

Category: Forensics
28 February 2012 by Pravesh Kara

Simple question, hopefully a simple answer: it is an Information Security discipline where the aim is to identify ways to compromise you and/or your organisation.  There is more to it than that, obviously, but that should provide a good starting point!  Many people involved in the industry, such as penetration testers, sales people, information security consultants, etc. all have their own interpretation of penetration testing, and there is a wide ranging view of what it is and … Read More »

We are Perspective Risk

  • Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.

    Our penetration testing, pen testing, pen tests and cyber security testing has proven time and time again to be an effective security assessment of business IT infrastructure.

    Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.
