Ken Munro
thekenmunroshow.bsky.social
Reposted by Ken Munro
Last week @thekenmunroshow.bsky.social presented at the EEMUA Conference 2025, looking at cyber security challenges shared between maritime and industrial systems in his talk, "Marine cyber security – plain sailing or a rough passage?"
April 1, 2025 at 11:09 AM
It’s always DNS, right? Except when it’s DNSSEC. An interesting issue with NSEC/NSEC3 records that can allow zone walking:
Your DNS security can accidentally leak your entire subdomain structure. DNSSEC with NSEC/NSEC3 records is great for ensuring integrity and authentication but can be a sneaky way for attackers to ‘zone walk’ and enumerate your domains... www.pentestpartners.com/security-blo...
March 4, 2025 at 2:13 PM
Speaking at the IATA WDS this afternoon: Securing legacy systems in aviation. There might be some floppy discs and old operating systems involved….
February 27, 2025 at 11:51 AM
After finding Rockchip MCUs in multiple cheap phones targeted at kids, we realised the bootloader exploit isn’t that well documented. So here you go!
In our latest blog, David Lodge looks at the Rockchip boot process. He covers the boot order and how to force the MCU into low-level modes for direct USB access, as well as essential tools like xrock and rkflashtool: www.pentestpartners.com/security-blo...
February 26, 2025 at 5:13 PM
How do you pen test and assure the security of avionics and airborne systems in a certified, safety-critical environment? ED-203a is a great start: www.pentestpartners.com/security-blo...
February 24, 2025 at 11:17 AM
Another bucket list item ticked - got to do the Airbus Hamburg factory tour. No photos allowed inside, so this is as good as it gets! Got to see lots of interesting systems and think more about ED-203a and airplane cyber
February 21, 2025 at 3:03 PM
Testing OT is complex: go hard at live systems and you'll cause disastrous, terminal outages. If you don't, you will miss critical issues. There's a middle way:

www.pentestpartners.com/security-blo...
February 10, 2025 at 10:20 PM
Reposted by Ken Munro
We got curious about cheap, tiny phones promoted to children on social media, so we bought a few to see what’s inside...

Read our blog on this here: www.pentestpartners.com/security-blo...

#CyberSecurity #DigitalSafety
Security Flaws Found in Tiny Phones Promoted to Children
YouTube video by Pen Test Partners
February 7, 2025 at 2:50 PM
Reposted by Ken Munro
Maritime cybersecurity isn’t just for large fleets—small operators face risks too. Complying with security standards can feel daunting, but it’s important to protect your systems and data from attack.

Read here: www.pentestpartners.com/security-blo...
January 24, 2025 at 11:52 AM
Bodycams are a really interesting challenge for security - the need to preserve the evidence chain in a mobile device, yet also the need to protect the organisation using them.
How can we protect the integrity and confidentiality of the footage from body-worn cameras in law enforcement?

Alex Lomas has outlined how encryption, integrity verification, and security measures can protect these devices so that the footage remains reliable www.pentestpartners.com/security-blo...
January 22, 2025 at 4:33 PM
🤦‍♂️ Malware artefacts and worse on phones marketed to children…
We got curious about cheap, tiny phones promoted to children on social media, so we bought a few to see what’s inside.

What did we find? Alarming security issues that parents need to know about: www.pentestpartners.com/security-blo...

#CyberSecurity #CyberAwareness #GadgetSafety #TechNews
January 15, 2025 at 2:24 PM
New career awaits: washing the PTP CAN hacking demo car for some TV filming today
December 11, 2024 at 10:06 AM
Door access pass cloning is a real risk, but it doesn't have to be. Simple config changes can hugely reduce risk: www.pentestpartners.com/security-blo...
December 9, 2024 at 5:25 PM
Reposted by Ken Munro
Secure boot ensures only authentic firmware can run on a device and should form part of a layered defence strategy.

But is it enough to only have a secure boot on your main processor?

What about sub-systems without secure boot capabilities? 🤔

www.pentestpartners.com/security-blo...
December 5, 2024 at 11:46 AM
Incident preparation doesn't always have to be complex and technical. Sometimes the simplest things can make a big difference. Where do you keep your insurance documents, for example? Not much use if they are on a ransomed network share....
www.pentestpartners.com/security-blo...
December 3, 2024 at 4:11 PM
Just occasionally, details of hacks at ports emerge in legal documentation. Here's another one to add, showing the efforts that drug smugglers make to exploit shipping & port technology, together with coercion of the people involved: www.pentestpartners.com/security-blo...
November 26, 2024 at 4:01 PM
I met Viktor at BSides Bristol, we had a chat after and he kindly invited me on his podcast. We covered lots of topics, but all areas I'm passionate about. Hope you enjoy it!

vpetersson.com/podcast/S01E...
Hacking airplanes, ships and IoT devices with Ken Munro
Join Viktor Petersson on this episode of Nerding Out as he dives into the world of GPS systems and maritime security with special guest Ken Munro. From exploring the different types of GPS systems, in...
November 21, 2024 at 3:26 PM
The shortage of rental property in the UK is creating opportunity for scammers to con desperate potential renters. We helped Channel 4 track them down for the UNTOLD series. @tbroberts02.bsky.social explains, with plenty of helpful advice: www.pentestpartners.com/security-blo...
November 21, 2024 at 3:16 PM
Anyone here ever seen a used Catapult Vector receiver for sale? I’ve searched hard, but looks like only route is a $50k complete system purchase from them direct, new! Ideas welcomed, from an inquisitive Northampton Saints fan…
November 17, 2024 at 11:40 AM