
Posts by Pen Test Partners

New Warning — Microsoft Copilot AI Can Access Restricted Passwords
Red team hackers have accessed restricted passwords using Microsoft’s Copilot AI for SharePoint — here’s what you need to know.

By me @forbes.com: Accessing restricted SharePoint passwords using Copilot AI. Excellent work by @pentestpartners.bsky.social, Jack Barradell-Johns and @thekenmunroshow.bsky.social

#infosec

www.forbes.com/sites/daveyw...

11 months ago 5 2 0 0
The Microsoft sharepoint logo (teal shapes with an "S") has a text bubble saying: "That file is restricted!"
A human (with their face obscured) in a black hoodie (printed with: clichéd h4x0r) says: "Copilot, I really need those passwords"
The Microsoft copilot logo (a rainbow swirly shape) replies: "OK, here you go..."

Our #RedTeam came across a massive #SharePoint, too much to explore manually.

So, with some careful prompting, they asked #Copilot to do the heavy lifting...

It opened the door to credentials, internal docs, and more.

📌 www.pentestpartners.com/security-blo...

#AIsecurity

11 months ago 1 1 0 1

🔐 Your passwords say more than you might think…

In our latest blog post, Pedro Venda shares some of the surprising insights hiding behind the passwords we choose and why it matters for security.

📌 www.pentestpartners.com/security-blo...

11 months ago 1 0 0 0

We hosted an away day for the UK easyJet security team, sharing insights, collaborating and discussing all things aviation security. ✈️

#AviationSecurity #CyberSecurity #SecurityCollaboration #KnowledgeSharing #WorkingTogether #AviationInsights

11 months ago 1 0 0 0

We are exhibiting! 🚨
 
There’ll be live demos, discussions, and friendly faces...
 
Come see us at the RSA Conference 2025 in San Francisco. We are at booth S-2144 in the South Expo from April 28th to May 1st.
 
➡️ www.pentestpartners.com/event/rsa-co...
 
#RSAC2025 #RSAC #CyberSecurity #InfoSec

11 months ago 0 0 0 0
Is your phone secretly listening to you? Well… yes YouTube video by Pen Test Partners

Is your phone secretly listening to you?

Well… yes

But not how you might think, Ken Munro explains...

youtube.com/shorts/Y9KZu...

1 year ago 0 0 0 0

Data breaches usually make the headlines because of the sheer volume of data. However, research shows that often the volume of data is falsely inflated.

So, how do forensics experts tell what’s real and what’s noise?

Read here: www.pentestpartners.com/security-blo...

1 year ago 0 0 0 0

Sometimes you just can’t beat being in the same room.

We’ve just wrapped up another round of co-working days across the UK, including London, Buckingham, Birmingham, Sheffield, Cardiff, Edinburgh, and Portsmouth.

A great chance for our team to meet up, share ideas, and collaborate.

#HybridWork

1 year ago 1 0 0 0

Using your work email for personal use may seem convenient, but it can put your company at risk. 🚫

If that third-party site gets breached, corporate credentials could fall into the wrong hands. For further details and tips for businesses to limit this risk: www.pentestpartners.com/security-blo...

1 year ago 0 0 0 0

Last week, Ken Munro and Jo Dalton were in Munich for Aerospace Tech Week. Ken Munro was talking about hacking electronic flight bags and the importance of security vulnerability disclosure in aerospace ✈️…

1 year ago 0 0 0 0

From August 1, 2025, any wireless device sold in the EU will need to meet stricter cybersecurity requirements under the Radio Equipment Directive (RED).

We’ve broken down what this means and how to get ready in our latest blog post: www.pentestpartners.com/security-blo...

1 year ago 1 0 0 0

Last week @thekenmunroshow.bsky.social presented at the EEMUA Conference 2025, looking at cyber security challenges shared between maritime and industrial systems in his talk, "Marine cyber security – plain sailing or a rough passage?"

1 year ago 0 1 0 0

Released by Intel in 1998, IPMI is a hardware management interface operating independently of the OS. Our latest blog post by Kieran looks at INTEL IPMI vulnerabilities and how to mitigate them
➡️ www.pentestpartners.com/security-blo...

1 year ago 3 0 0 0

Our Sam Macdonald presented a talk on dealing with imposter syndrome at BSides Kent last weekend.
 
#BSidesKent #CyberCommunity #BSides #MentalHealth #ImposterSyndrome #Conference

1 year ago 2 1 0 0

If your organisation suffers a cyber incident, what you do next will determine the outcome. Our latest blog post is a practical playbook for the first 24 hours after a cyber incident...

Read the blog post and our checklist here: www.pentestpartners.com/security-blo...

1 year ago 0 0 0 0

@thekenmunroshow.bsky.social presented at the Maritime Cyber Guild 2025 meet up in Copenhagen, talking all things shipping with some photos of the Network Ferret himself, Andrew Tierney. 🚢

#maritimecybersecurity #maritimesecurity #cybersecurity #infosec #maritimesafety

1 year ago 1 0 0 0

Benefiting newbies, experts, and everyone in between, cybersecurity community groups are an excellent way to network and learn 💻 ...

Our latest blog post by Nick Simpson looks at how you can find UK groups, including OWASP, DEF CON groups, 2600 and more: www.pentestpartners.com/security-blo...

1 year ago 0 2 0 0

Our Warren Houghton is back at it again with Nerding Out with Viktor. Warren shares fascinating insights into how he successfully infiltrates secure spaces and bypasses sophisticated defences.
 
Watch the full episode here: vpetersson.com/podcast/S02E...

1 year ago 2 1 0 0

In our latest blog post, Kieran Larking highlights that the No-cache directive does not prevent caching and looks at typical caching behaviour directives and how to correctly use these directives to balance performance and security: www.pentestpartners.com/security-blo...

1 year ago 0 0 0 0

Looking to become a Cyber Essentials assessor?

In our latest blog post, Ekom Ibiok shares his journey to becoming a Cyber Essentials and Cyber Essentials Plus assessor with insights to help you on your own path: www.pentestpartners.com/security-blo...

1 year ago 3 0 0 0

Your DNS security can accidentally leak your entire subdomain structure. DNSSEC with NSEC/NSEC3 records is great for ensuring integrity and authentication but can be a sneaky way for attackers to ‘zone walk’ and enumerate your domains... www.pentestpartners.com/security-blo...

1 year ago 0 0 0 1

Last week Ken Munro and Matt Dowson were in Dublin, Ireland, for the IATA World Data Symposium. We presented a talk covering some of the significant legacy cybersecurity risks in aviation systems.

#AviationCybersecurity #IATAWDS #LegacySystems #AviationSafety #CyberThreats

1 year ago 3 0 0 0

There are new mandatory United States Coast Guard cyber regulations for US flagged vessels and ports that come into effect on July 16. Be prepared. Full details and advice here: www.pentestpartners.com/security-blo...

#USCG #cyberregulations #maritimesecurity #cybercompliance #cyberawareness

1 year ago 0 1 0 0

In our latest blog, David Lodge looks at the Rockchip boot process. He covers the boot order and how to force the MCU into low-level modes for direct USB access, as well as essential tools like xrock and rkflashtool: www.pentestpartners.com/security-blo...

1 year ago 2 0 0 2

Ken Munro recently presented at BCS The Chartered Institute of IT with an evening on hacking various transport systems, including planes, trains, automobiles, and ships…

1 year ago 2 0 0 0

In aviation, cybersecurity is not optional. The industry recognises that ensuring safety requires a consistent, standardised approach. Alex Lomas explains the process of conducting avionics penetration tests, looking at each stage in line with ED-203A: 👉 www.pentestpartners.com/security-blo...

1 year ago 2 1 0 0
Security Flaws Found in Tiny Phones Promoted to Children YouTube video by Pen Test Partners

We got curious about cheap, tiny phones promoted to children on social media, so we bought a few to see what’s inside...

Read our blog on this here: www.pentestpartners.com/security-blo...

#CyberSecurity #DigitalSafety

1 year ago 2 1 0 0
The Mirai DVR botnet that took down Twitter and Facebook explained... YouTube video by Pen Test Partners

In 2016, the first strain of Mirai distributed DDoS attacks against Twitter, Facebook, and KrebsOnSecurity. Initially, it was misunderstood as an IoT botnet. However, our reverse engineering revealed that it targeted digital video recorder software from a single vendor: youtu.be/5gYN

1 year ago 0 0 0 0

We revisited wearable device forensics to show how someone could gain unauthorised access to a Garmin smartwatch and expose your data such as activity logs, GPS data, sleep patterns, and device information: www.pentestpartners.com/security-blo...

1 year ago 2 1 0 0

Maritime cybersecurity isn’t just for large fleets—small operators face risks too. Complying with security standards can feel daunting, but it’s important to protect your systems and data from attack.

Read here: www.pentestpartners.com/security-blo...

1 year ago 0 2 0 0