How to Test and Secure a WordPress Site

WordPress is the most popular content management system in the world with over 40% of all websites running on this open-source platform. Given its popularity, WordPress’s core source code is regularly reviewed and heavily dissected by its community, making the core software relatively secure when compared to custom-built web applications. However, this doesn’t mean that […]

LLMNR/NBT-NS Poisoning on Windows Domain Environments

While many organisations are adopting cloud-based services and moving away from on-premises infrastructure, a large proportion of IT setups are still reliant on Windows Active Directory (AD) Domain Services somewhere within their network. Active Directory environments can become a playground for attackers, especially with certain misconfigurations. Once an attacker breaches an AD-administered local network, […]

Protecting Your Web Application From Brute-Force Login Attacks

Capitalising on simplicity, brute-force attacks have long been the noisy and least elegant method of exploiting authentication mechanisms. The origins of brute-force techniques date back to the wartime code breaking of Bletchley Park and have since evolved to become a well-known but elementary approach attackers use to gain unauthorised access to services and user […]

Vulnerability Assessment vs. Penetration Testing: What’s the Difference?

It can be easy to mistake vulnerability assessments and penetration testing for the same service. The chronic misbranding of vulnerability assessments as penetration tests within the security industry has led to a blurring of lines between the two services. In this blog we look at what makes each service different and discuss their pros and […]