Ethical Hacking Welcome to the first of a series of posts addressing what it takes to be an ethical hacker, written by Perspective Risk’s Penetration Tester Marius Cociorba. Each week he discusses one element he considers key to being a security consultant, especially in the context of pen testing. References to further reading are included where helpful. Volumes have been written about careers in the infosec industry, many of which influenced Marius when he began his journey in … Read More »
Pentesting – A Guide to Buying What to check before purchasing a Penetration Test As a first time buyer looking for a pentesting provider, or perhaps a second time buyer with lightly toasted fingers, what criteria should you use when selecting a penetration testing company? Choosing a pentest supplier can present a risk in itself. In our Buyer’s Guide for Penetration Testing, we help you to navigate your way across the potentially choppy waters and advise on: … Read More »
The Cyber Essentials Assessment Welcome to the first of our Cyber Essentials (CE) series, where our sysadmin Neil Gibb tackles the unattractively named Bloatware and shows why it’s a barrier to valuable CE certification. Preparing your corporate network for the Cyber Essentials or Cyber Essentials Plus assessment can be daunting, and often presents more questions than answers. In this series we set out to answer the common questions. We’ll share practical, step-by-step guidance and help you on your journey … Read More »
Your Digital Privacy – Whose Responsibility Is It Anyway? Welcome to this blog post by one of PR’s data protection experts, under his pen name Fin McIntyre. The main problem in the digital world right now is you. Cast your mind back (or, if you’re a millennial, imagine) to a time when the biggest risk to your personal information was leaving your wallet on the bus, not falling victim to cyber crime and having it sold off on … Read More »
No. 1: Accountability and Data Ownership in the Cloud Welcome to the first of five posts addressing the security of your data in the cloud by Perspective Risk’s cyber risk specialist Sasha Raljic. The beginning of March saw Amazon’s Web Services in meltdown. In simple terms, this meant its business customers – circa 350,000 organisations – were stymied. Websites, back-end storage, apps and Internet of Things gadgets relying on the platform were summarily knocked offline for five … Read More »
Protect Your Premises: Tips from PR’s Security Experts Two of Perspective Risk’s physical security specialists – Abdul Ikbal and Neil Gibb – share advice for improving the security of your building against criminals, malicious insiders and careless staff. Other security consultants and many clients are often surprised to learn that we can usually compromise a building’s security perimeter in under an hour. One customer commented: “It would be great to have a reference to prepare us … Read More »
Think your Defences are Hard to Breach? Think Again Greetings to the last in our Breakfast series by Perspective Risk’s (PR’s) cyber-security expert Abdul Ikbal. In this post, Abdul tells how seemingly small chinks in an organisation’s armour can enable attackers to make huge gains. Red Teaming – what we’ve learned so far During this series I’ve shown how I can compromise your security by: Breaking into your building Convincing you to handover your password Seeing … Read More »
Web Application Risks: Broken Authentication Welcome to the first of five posts addressing the typical vulnerabilities found in web applications. Here, Perspective Risk’s Senior Security Consultant Kai Stimpson looks at broken authentication and how to prevent it. Neglecting to incorporate a robust authentication solution into your web app can lead to a threat actor gaining unauthorised access to it, compromising the confidentiality of your users’ data. Common Pitfalls in Web App Authentication Solutions When performing an in-depth … Read More »
A Phishy Tale: Click and I’m Inside your Network Greetings to the latest in our Breakfast Series by Perspective Risk’s (PR’s) Red Teamer Abdul Ikbal, where he advises on network security and share insights in the life of an ethical hacker. In this blog he tells how he – and the bad guys – can access your network and how to improve your security. You can catch up on the series here: How I break into your building, … Read More »
Perspective Risk Identifies Vulnerability in ManageEngine Products Welcome to this technical blog by Perspective Risk’s InfoSec specialist Sasha Raljic in relation to a vulnerability he recently discovered in the ManageEngine products. Raljic responsibly disclosed the vulnerability to the vendor and they released a fix on the 25th of January, hence the publication of this information 24 hours later. Sasha Raljic Twitter: @RSasha512 Introduction to ManageEngine Products OpManager and Netflow Analyzer are two products made and distributed by … Read More »
I Can See You! Open Source Intelligence (OSINT) Welcome to no. 4 of our Breakfast Series by Perspective Risk’s senior cyber security consultant Abdul Ikbal. These posts are designed to give you some insights into the world of information security over your cornflakes. If there’s no free plastic toy in your box, expect to find some goodies here. Whether you’re looking to improve your organisation’s security or have an interest in working in infosec, read on. And … Read More »
Our choice of the best Information Security Blogs of 2016 We asked our seasoned Cyber Security specialists to choose their top InfoSec blogs from last year. The result is a hand-picked box of cyber security treasures for your delectation. Backslash Powered Scanning: Hunting Unknown Vulnerability Classes An interesting post by James Kettle of Portswigger Web Security on an alternative approach for fuzzing applications. One of the more notable techniques from last year and great for those looking to … Read More »
PR maintains status as an ISO Certified Company Perspective Risk’s (PR’s) directors are pleased to announce that following an independent audit in December, our status as an ISO Certified company was confirmed for the sixth year running. The external audit addressed PR’s compliance with two international standards: ISO 9001:2008 and ISO 27001:2013. Zero non-conformances were recorded. The ISO auditor commented that PR’s quality management systems were among the “most well-documented and best applied” he had … Read More »
Red Teaming: Can I has your password? Greetings to no. 3 of our ‘Breakfast Series’ by PR’s senior consultant Abdul Ikbal. Abs specialises in cyber security, has been in the industry for over five years, and is a valued member of our Red Team. Here he shares advice on password security. You can catch Abs’ previous breakfast posts here: How I break into your building and Pentest interview do’s and don’ts. I will find the flaws in your … Read More »
Top Tips for a Pentest Interview Welcome to the second of our ‘Breakfast Series’ by information security specialist Abdul Ikbal. You can catch the first one here: How I can gain access to your building. This series is designed as a quick read over your morning coffee, or, if you’re reading this over the festive holiday, your morning eggnog. Abs is one of Perspective Risk’s Managing Consultants and has conducted more interviews for penetration testers than you’ve … Read More »
Happy Christmas from all at Perspective Risk We decided not to send Christmas cards to our customers this year, and instead donate the cost to a charity we’ve come to know well over the past few months. Christians Against Poverty helps 20,000 people a year – regardless of their religious beliefs – to free themselves from debt. We’ve been helping the charity with their information security and admire the work they do. They are also great people. … Read More »
Red Teaming: How I can gain access to your building Welcome to the first of our ‘Breakfast Series’ by cyber security expert Abdul Ikbal. These posts are designed as short snappy reads whilst enjoying your bowl of captain crunch, or during your much loved morning commute #sarcasm, without nodding off or closing the tab on your browser. A bit about me. I’m Abs, one of PR’s Managing Consultants. An unconventional leader (trying to be anyway) who loves … Read More »
Maximise the benefits of your Pen Test In this second part of our occasional series ‘Make the most of your Pen Testing‘ by our cyber security specialist Tom Sherwood, we help you take care of some security basics ahead of your pen test. This way, your consultant will have more time to focus on the trickier elements of your information security. In this post we look at 5 ways you can carry out simple hardening of … Read More »
A customer focused appointment Perspective Risk’s (PR’s) Directors have pleasure announcing the appointment of cyber-security expert Andy Mayo, who joins the business development unit. Andy is well-placed to support PR’s growing customer base, evidenced by a wealth of experience and qualifications, including CCNA, MSCA and CISSP. Andy has provided security consultancy to several large brands, notably Vodafone, Formula One, KPMG, Virgin and the BBC. He has a particular interest in managed security services, mobile and data forensics, … Read More »
Kerberos: Enumerating Domain Usernames Enumerating domain account names Welcome to a technical blog post for Penetration Testers by our Principal Security Consultant, Matt Byrne. In recent years, enumerating valid operating system level user names from up-to-date, well maintained Windows environments – even from an internal test perspective, has become increasingly unlikely. Where RID cycling once provided a full list of domain users, this is no longer the case. However, for internal assessments, the Kerberos service (88/tcp) still … Read More »
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing, pen testing, pen tests and cyber security testing has proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.