Pen Test Partners
@pentestpartners.bsky.social
Reposted by Pen Test Partners
By me @forbes.com: Accessing restricted SharePoint passwords using Copilot AI. Excellent work by @pentestpartners.bsky.social, Jack Barradell-Johns and @thekenmunroshow.bsky.social
#infosec
www.forbes.com/sites/daveyw...
#infosec
www.forbes.com/sites/daveyw...
New Warning — Microsoft Copilot AI Can Access Restricted Passwords
Red team hackers have accessed restricted passwords using Microsoft’s Copilot AI for SharePoint — here’s what you need to know.
www.forbes.com
May 14, 2025 at 1:20 PM
By me @forbes.com: Accessing restricted SharePoint passwords using Copilot AI. Excellent work by @pentestpartners.bsky.social, Jack Barradell-Johns and @thekenmunroshow.bsky.social
#infosec
www.forbes.com/sites/daveyw...
#infosec
www.forbes.com/sites/daveyw...
Our #RedTeam came across a massive #SharePoint, too much to explore manually.
So, with some careful prompting, they asked #Copilot to do the heavy lifting...
It opened the door to credentials, internal docs, and more.
📌 www.pentestpartners.com/security-blo...
#AIsecurity
So, with some careful prompting, they asked #Copilot to do the heavy lifting...
It opened the door to credentials, internal docs, and more.
📌 www.pentestpartners.com/security-blo...
#AIsecurity
May 8, 2025 at 4:02 PM
Our #RedTeam came across a massive #SharePoint, too much to explore manually.
So, with some careful prompting, they asked #Copilot to do the heavy lifting...
It opened the door to credentials, internal docs, and more.
📌 www.pentestpartners.com/security-blo...
#AIsecurity
So, with some careful prompting, they asked #Copilot to do the heavy lifting...
It opened the door to credentials, internal docs, and more.
📌 www.pentestpartners.com/security-blo...
#AIsecurity
🔐 Your passwords say more than you might think…
In our latest blog post, Pedro Venda shares some of the surprising insights hiding behind the passwords we choose and why it matters for security.
📌 www.pentestpartners.com/security-blo...
In our latest blog post, Pedro Venda shares some of the surprising insights hiding behind the passwords we choose and why it matters for security.
📌 www.pentestpartners.com/security-blo...
April 29, 2025 at 11:43 AM
🔐 Your passwords say more than you might think…
In our latest blog post, Pedro Venda shares some of the surprising insights hiding behind the passwords we choose and why it matters for security.
📌 www.pentestpartners.com/security-blo...
In our latest blog post, Pedro Venda shares some of the surprising insights hiding behind the passwords we choose and why it matters for security.
📌 www.pentestpartners.com/security-blo...
We hosted an away day for the UK easyJet security team, sharing insights, collaborating and discussing all things aviation security. ✈️
#AviationSecurity #CyberSecurity #SecurityCollaboration #KnowledgeSharing #WorkingTogether #AviationInsights
#AviationSecurity #CyberSecurity #SecurityCollaboration #KnowledgeSharing #WorkingTogether #AviationInsights
April 24, 2025 at 10:53 AM
We hosted an away day for the UK easyJet security team, sharing insights, collaborating and discussing all things aviation security. ✈️
#AviationSecurity #CyberSecurity #SecurityCollaboration #KnowledgeSharing #WorkingTogether #AviationInsights
#AviationSecurity #CyberSecurity #SecurityCollaboration #KnowledgeSharing #WorkingTogether #AviationInsights
We are exhibiting! 🚨
There’ll be live demos, discussions, and friendly faces...
Come see us at the RSA Conference 2025 in San Francisco. We are at booth S-2144 in the South Expo from April 28th to May 1st.
➡️ www.pentestpartners.com/event/rsa-co...
#RSAC2025 #RSAC #CyberSecurity #InfoSec
There’ll be live demos, discussions, and friendly faces...
Come see us at the RSA Conference 2025 in San Francisco. We are at booth S-2144 in the South Expo from April 28th to May 1st.
➡️ www.pentestpartners.com/event/rsa-co...
#RSAC2025 #RSAC #CyberSecurity #InfoSec
April 22, 2025 at 12:15 PM
We are exhibiting! 🚨
There’ll be live demos, discussions, and friendly faces...
Come see us at the RSA Conference 2025 in San Francisco. We are at booth S-2144 in the South Expo from April 28th to May 1st.
➡️ www.pentestpartners.com/event/rsa-co...
#RSAC2025 #RSAC #CyberSecurity #InfoSec
There’ll be live demos, discussions, and friendly faces...
Come see us at the RSA Conference 2025 in San Francisco. We are at booth S-2144 in the South Expo from April 28th to May 1st.
➡️ www.pentestpartners.com/event/rsa-co...
#RSAC2025 #RSAC #CyberSecurity #InfoSec
Is your phone secretly listening to you?
Well… yes
But not how you might think, Ken Munro explains...
youtube.com/shorts/Y9KZu...
Well… yes
But not how you might think, Ken Munro explains...
youtube.com/shorts/Y9KZu...
Is your phone secretly listening to you? Well… yes
YouTube video by Pen Test Partners
youtube.com
April 17, 2025 at 11:36 AM
Is your phone secretly listening to you?
Well… yes
But not how you might think, Ken Munro explains...
youtube.com/shorts/Y9KZu...
Well… yes
But not how you might think, Ken Munro explains...
youtube.com/shorts/Y9KZu...
Data breaches usually make the headlines because of the sheer volume of data. However, research shows that often the volume of data is falsely inflated.
So, how do forensics experts tell what’s real and what’s noise?
read here: www.pentestpartners.com/security-blo...
So, how do forensics experts tell what’s real and what’s noise?
read here: www.pentestpartners.com/security-blo...
April 15, 2025 at 11:34 AM
Data breaches usually make the headlines because of the sheer volume of data. However, research shows that often the volume of data is falsely inflated.
So, how do forensics experts tell what’s real and what’s noise?
read here: www.pentestpartners.com/security-blo...
So, how do forensics experts tell what’s real and what’s noise?
read here: www.pentestpartners.com/security-blo...
Sometimes you just can’t beat being in the same room.
We’ve just wrapped up another round of co-working days across the UK, including London, Buckingham, Birmingham, Sheffield, Cardiff, Edinburgh, and Portsmouth.
A great chance for our team to meet up, share ideas, and collaborate.
#HybridWork
We’ve just wrapped up another round of co-working days across the UK, including London, Buckingham, Birmingham, Sheffield, Cardiff, Edinburgh, and Portsmouth.
A great chance for our team to meet up, share ideas, and collaborate.
#HybridWork
April 14, 2025 at 11:06 AM
Sometimes you just can’t beat being in the same room.
We’ve just wrapped up another round of co-working days across the UK, including London, Buckingham, Birmingham, Sheffield, Cardiff, Edinburgh, and Portsmouth.
A great chance for our team to meet up, share ideas, and collaborate.
#HybridWork
We’ve just wrapped up another round of co-working days across the UK, including London, Buckingham, Birmingham, Sheffield, Cardiff, Edinburgh, and Portsmouth.
A great chance for our team to meet up, share ideas, and collaborate.
#HybridWork
Using your work email for personal use may seem convenient, but it can put your company at risk. 🚫
If that third-party site gets breached, corporate credentials could fall into the wrong hands. For further details and tips for businesses to limit this risk: www.pentestpartners.com/security-blo...
If that third-party site gets breached, corporate credentials could fall into the wrong hands. For further details and tips for businesses to limit this risk: www.pentestpartners.com/security-blo...
April 9, 2025 at 10:25 AM
Using your work email for personal use may seem convenient, but it can put your company at risk. 🚫
If that third-party site gets breached, corporate credentials could fall into the wrong hands. For further details and tips for businesses to limit this risk: www.pentestpartners.com/security-blo...
If that third-party site gets breached, corporate credentials could fall into the wrong hands. For further details and tips for businesses to limit this risk: www.pentestpartners.com/security-blo...
Last week, Ken Munro and Jo Dalton were in Munich for Aerospace Tech Week. Ken Munro was talking about hacking electronic flight bags and the importance of security vulnerability disclosure in aerospace ✈️…
April 8, 2025 at 2:57 PM
Last week, Ken Munro and Jo Dalton were in Munich for Aerospace Tech Week. Ken Munro was talking about hacking electronic flight bags and the importance of security vulnerability disclosure in aerospace ✈️…
From August 1, 2025, any wireless device sold in the EU will need to meet stricter cybersecurity requirements under the Radio Equipment Directive (RED).
We’ve broken down what this means and how to get ready in our latest blog post: www.pentestpartners.com/security-blo...
We’ve broken down what this means and how to get ready in our latest blog post: www.pentestpartners.com/security-blo...
April 3, 2025 at 11:30 AM
From August 1, 2025, any wireless device sold in the EU will need to meet stricter cybersecurity requirements under the Radio Equipment Directive (RED).
We’ve broken down what this means and how to get ready in our latest blog post: www.pentestpartners.com/security-blo...
We’ve broken down what this means and how to get ready in our latest blog post: www.pentestpartners.com/security-blo...
Last week @thekenmunroshow.bsky.social presented at the EEMUA Conference 2025, looking at cyber security challenges shared between maritime and industrial systems in his talk, "Marine cyber security – plain sailing or a rough passage?"
April 1, 2025 at 11:09 AM
Last week @thekenmunroshow.bsky.social presented at the EEMUA Conference 2025, looking at cyber security challenges shared between maritime and industrial systems in his talk, "Marine cyber security – plain sailing or a rough passage?"
Released by Intel in 1998, IPMI is a hardware management interface operating independently of the OS. Our latest blog post by Kieran looks at INTEL IPMI vulnerabilities and how to mitigate them
➡️ www.pentestpartners.com/security-blo...
➡️ www.pentestpartners.com/security-blo...
March 31, 2025 at 11:23 AM
Released by Intel in 1998, IPMI is a hardware management interface operating independently of the OS. Our latest blog post by Kieran looks at INTEL IPMI vulnerabilities and how to mitigate them
➡️ www.pentestpartners.com/security-blo...
➡️ www.pentestpartners.com/security-blo...
Our Sam Macdonald presented a talk on dealing with imposter syndrome at BSides Kent last weekend.
#BSidesKent #CyberCommunity #BSides #MentalHealth #ImposterSyndrome #Conference
#BSidesKent #CyberCommunity #BSides #MentalHealth #ImposterSyndrome #Conference
March 25, 2025 at 1:32 PM
Our Sam Macdonald presented a talk on dealing with imposter syndrome at BSides Kent last weekend.
#BSidesKent #CyberCommunity #BSides #MentalHealth #ImposterSyndrome #Conference
#BSidesKent #CyberCommunity #BSides #MentalHealth #ImposterSyndrome #Conference
If your organisation suffers a cyber incident, what you do next will determine the outcome. Our latest blog post is a practical playbook for the first 24 hours after a cyber incident...
Read the blog post and our checklist here: www.pentestpartners.com/security-blo...
Read the blog post and our checklist here: www.pentestpartners.com/security-blo...
March 24, 2025 at 12:06 PM
If your organisation suffers a cyber incident, what you do next will determine the outcome. Our latest blog post is a practical playbook for the first 24 hours after a cyber incident...
Read the blog post and our checklist here: www.pentestpartners.com/security-blo...
Read the blog post and our checklist here: www.pentestpartners.com/security-blo...
@thekenmunroshow.bsky.social presented at the Maritime Cyber Guild 2025 meet up in Copenhagen, talking all things shipping with some photos of the Network Ferret himself, Andrew Tierney. 🚢
#maritimecybersecurity #maritimesecurity #cybersecurity #infosec #maritimesafety
#maritimecybersecurity #maritimesecurity #cybersecurity #infosec #maritimesafety
March 20, 2025 at 4:52 PM
@thekenmunroshow.bsky.social presented at the Maritime Cyber Guild 2025 meet up in Copenhagen, talking all things shipping with some photos of the Network Ferret himself, Andrew Tierney. 🚢
#maritimecybersecurity #maritimesecurity #cybersecurity #infosec #maritimesafety
#maritimecybersecurity #maritimesecurity #cybersecurity #infosec #maritimesafety
Benefiting newbies, experts, and everyone in between, cybersecurity community groups are an excellent way to network and learn 💻 ...
Our latest blog post by Nick Simpson looks at how you can find UK groups, including OWASP, DEF CON groups, 2600 and more: www.pentestpartners.com/security-blo...
Our latest blog post by Nick Simpson looks at how you can find UK groups, including OWASP, DEF CON groups, 2600 and more: www.pentestpartners.com/security-blo...
March 19, 2025 at 1:07 PM
Benefiting newbies, experts, and everyone in between, cybersecurity community groups are an excellent way to network and learn 💻 ...
Our latest blog post by Nick Simpson looks at how you can find UK groups, including OWASP, DEF CON groups, 2600 and more: www.pentestpartners.com/security-blo...
Our latest blog post by Nick Simpson looks at how you can find UK groups, including OWASP, DEF CON groups, 2600 and more: www.pentestpartners.com/security-blo...
Our Warren Houghton is back at it again with Nerding Out with Viktor. Warren shares fascinating insights into how he successfully infiltrates secure spaces and bypasses sophisticated defences.
Watch the full episode here: vpetersson.com/podcast/S02E...
Watch the full episode here: vpetersson.com/podcast/S02E...
March 14, 2025 at 3:32 PM
Our Warren Houghton is back at it again with Nerding Out with Viktor. Warren shares fascinating insights into how he successfully infiltrates secure spaces and bypasses sophisticated defences.
Watch the full episode here: vpetersson.com/podcast/S02E...
Watch the full episode here: vpetersson.com/podcast/S02E...
In our latest blog post, Kieran Larking highlights that the No-cache directive does not prevent caching and looks at typical caching behaviour directives and how to correctly use these directives to balance performance and security: www.pentestpartners.com/security-blo...
March 12, 2025 at 1:03 PM
In our latest blog post, Kieran Larking highlights that the No-cache directive does not prevent caching and looks at typical caching behaviour directives and how to correctly use these directives to balance performance and security: www.pentestpartners.com/security-blo...
Looking to become a Cyber Essentials assessor?
In our latest blog post, Ekom Ibiok shares his journey to becoming a Cyber Essentials and Cyber Essentials Plus assessor with insights to help you on your own path: www.pentestpartners.com/security-blo...
In our latest blog post, Ekom Ibiok shares his journey to becoming a Cyber Essentials and Cyber Essentials Plus assessor with insights to help you on your own path: www.pentestpartners.com/security-blo...
March 6, 2025 at 11:42 AM
Looking to become a Cyber Essentials assessor?
In our latest blog post, Ekom Ibiok shares his journey to becoming a Cyber Essentials and Cyber Essentials Plus assessor with insights to help you on your own path: www.pentestpartners.com/security-blo...
In our latest blog post, Ekom Ibiok shares his journey to becoming a Cyber Essentials and Cyber Essentials Plus assessor with insights to help you on your own path: www.pentestpartners.com/security-blo...
Your DNS security can accidentally leak your entire subdomain structure. DNSSEC with NSEC/NSEC3 records is great for ensuring integrity and authentication but can be a sneaky way for attackers to ‘zone walk’ and enumerate your domains... www.pentestpartners.com/security-blo...
March 4, 2025 at 12:45 PM
Your DNS security can accidentally leak your entire subdomain structure. DNSSEC with NSEC/NSEC3 records is great for ensuring integrity and authentication but can be a sneaky way for attackers to ‘zone walk’ and enumerate your domains... www.pentestpartners.com/security-blo...
Last week Ken Munro and Matt Dowson were in Dublin, Ireland, for the IATA World Data Symposium. We presented a talk covering some of the significant legacy cybersecurity risks in aviation systems.
#AviationCybersecurity #IATAWDS #LegacySystems #AviationSafety #CyberThreats
#AviationCybersecurity #IATAWDS #LegacySystems #AviationSafety #CyberThreats
March 3, 2025 at 12:19 PM
Last week Ken Munro and Matt Dowson were in Dublin, Ireland, for the IATA World Data Symposium. We presented a talk covering some of the significant legacy cybersecurity risks in aviation systems.
#AviationCybersecurity #IATAWDS #LegacySystems #AviationSafety #CyberThreats
#AviationCybersecurity #IATAWDS #LegacySystems #AviationSafety #CyberThreats
There are new mandatory United States Coast Guard cyber regulations for US flagged vessels and ports that come into effect on July 16. Be prepared. Full details and advice here: www.pentestpartners.com/security-blo...
#USCG #cyberregulations #maritimesecurity #cybercompliance #cyberawareness
#USCG #cyberregulations #maritimesecurity #cybercompliance #cyberawareness
February 28, 2025 at 12:12 PM
There are new mandatory United States Coast Guard cyber regulations for US flagged vessels and ports that come into effect on July 16. Be prepared. Full details and advice here: www.pentestpartners.com/security-blo...
#USCG #cyberregulations #maritimesecurity #cybercompliance #cyberawareness
#USCG #cyberregulations #maritimesecurity #cybercompliance #cyberawareness
In our latest blog, David Lodge looks at the Rockchip boot process. He covers the boot order and how to force the MCU into low-level modes for direct USB access, as well as essential tools like xrock and rkflashtool: www.pentestpartners.com/security-blo...
February 26, 2025 at 12:28 PM
In our latest blog, David Lodge looks at the Rockchip boot process. He covers the boot order and how to force the MCU into low-level modes for direct USB access, as well as essential tools like xrock and rkflashtool: www.pentestpartners.com/security-blo...
Ken Munro recently presented at BCS The Chartered Institute of IT with an evening on hacking various transport systems, including planes, trains, automobiles, and ships…
February 24, 2025 at 3:33 PM
Ken Munro recently presented at BCS The Chartered Institute of IT with an evening on hacking various transport systems, including planes, trains, automobiles, and ships…