|
By Keiran Mather
This is a Bulletproof Tech Talk article: original research from our red team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. This blog looks at obfuscating Linux Symbols using dl_iterate_phdr with callbacks. It represents original security research from the Bulletproof Red Team.
|
By Keiran Mather
This is a Bulletproof Tech Talk article: research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. In the complex landscape of Active Directory, ensuring secure and appropriate access is a constant challenge. Recently another "ESC" technique has been released which is known as ESC13.
|
By Nicky Whiting
The Cyber Essentials scheme has started to become a victim of its own success, with some organisations thinking it’s all they need to operate securely. Now I need to start by saying that Cyber Essentials is a great security baseline and I strongly recommend that every single organisation gets Cyber Essentials certification. It provides a valuable framework for establishing fundamental cyber security practices. But is that always enough?
|
By Ayisha Bari
If you’ve heard of ransomware attacks in the news, you’ll know they can result in big losses for big businesses. But the fact is that organisations of any size can fall victim to an attack, and often the smaller your business is, the more severe the impact.
|
By Dominic Mortimer
During my time delivering red team engagements over the last few years, I've had the luxury of working with organisations who’re just starting out with their red teaming approaches, all the way up to battling hardened and heavily monitored networks. In this experience, I’ve found that one of the key areas that makes or breaks a successful operation is the scoping, sizing and planning of an engagement. It can often be daunting to explore more threat-led and realistic testing approaches.
|
By Jason McNicholas
Malicious actors are always coming up with new and innovative ways to steal your money and information. This means it’s all the more important to be aware of these new attacks as they appear and know how to spot and respond to them. In this article I’ll be bringing attention to a new attack that has become increasingly common in recent months. That attack is called ‘Quishing’, and it is a specific new variant of the much broader attack known phishing.
|
By Eze Adighibe
SOC 2 is an information security standard was created by the American Institute of Chartered Public Accountants (AICPA), as a way to provide assurance of an organisation’s management of data. SOC 2 compliance provides a framework to assess against five Trust Service Criteria (TSCs) – but more on those later. There are two types of SOC 2 compliance: Type I and Type II.
Bulletproof Co-founder & CEO, Oliver Pinson Roxborough, talks us through how hackers hide, the perceived threat from nation states, and what that means for your business.
|
By Jemma Aldridge
It’s not surprising that adoption of Cyber Essentials certification is growing steadily year on year. It’s a valuable certification to have, not least of all for the many commercial opportunities it presents. But as a Cyber Essentials Assessor, one thing I see repeatedly is that poor network boundary implementation making reaching certification harder than it has to be – especially for smaller organisations. That’s what I’m going to be looking at in this blog.
|
By Nicky Whiting
Implementing ISO 27001, the international standard for information security management, is a complex process that requires expertise, experience and careful planning. This blog explores why using a consultant for ISO 27001 implementation is crucial to not just ensure certification, but also (and perhaps more importantly), to build an information security management system that is tailored to your business and its objectives. To make sure your certification is actually working for you.
|
By Bulletproof
Confused about PCI compliance? Get a clear understanding of this much misunderstood standard with our Clarity On PCI Compliance white paper. This is the first in our 'Security First' series of white papers and provides an illustrated insight into the world of PCI DSS compliance. Inside we explain the requirements, dispel the myths and give you top tips for saving time and effort.
|
By Bulletproof
This Security First white paper will help businesses understand all aspects of penetration testing services, from planning and managing through to getting real value and benefit from the results. This whitepaper is not a guide for practitioners, but instead is aimed at people who need to procure, plan, and manage the lifecycle of a penetration testing project.
|
By Bulletproof
This white paper will provide you with a high-level understanding of GDPR's strategic aims and the challenges these present to UK businesses. In addition, we'll present helpful tips for interpreting, implementing and maintaining the new legislation and your approach to managing personal data.
- July 2024 (1)
- June 2024 (3)
- April 2024 (2)
- March 2024 (5)
- February 2024 (7)
- January 2024 (6)
- December 2023 (2)
- October 2023 (2)
- August 2023 (1)
- July 2023 (1)
- June 2023 (5)
- May 2023 (8)
- April 2023 (4)
- March 2023 (4)
- February 2023 (3)
- January 2023 (9)
- November 2022 (1)
- October 2022 (1)
- August 2022 (1)
- July 2022 (3)
- June 2022 (1)
- May 2022 (3)
- April 2022 (4)
- March 2022 (5)
- February 2022 (6)
- January 2022 (3)
- December 2021 (2)
- November 2021 (4)
- October 2021 (1)
- September 2021 (2)
- August 2021 (2)
- July 2021 (1)
- June 2021 (2)
- May 2021 (2)
- April 2021 (2)
- March 2021 (1)
- February 2021 (3)
- January 2021 (3)
- December 2020 (3)
- November 2020 (3)
- September 2020 (1)
- August 2020 (1)
- July 2020 (2)
- June 2020 (3)
- May 2020 (1)
- April 2020 (1)
- March 2020 (4)
- February 2020 (1)
- December 2019 (1)
- November 2019 (2)
- October 2019 (1)
- September 2019 (2)
- August 2019 (1)
- July 2019 (3)
- June 2019 (2)
- May 2019 (2)
- April 2019 (2)
- March 2019 (4)
- February 2019 (2)
- January 2019 (2)
- December 2018 (1)
- November 2018 (2)
- October 2018 (4)
- September 2018 (6)
- August 2018 (6)
- July 2018 (3)
- June 2018 (4)
We are your best defence from cyber threats. We are Bulletproof.
Here at Bulletproof, security's in our DNA. Our information and cyber security services are the best way to stay ahead of the hackers, take control of your infrastructure and protect your business-critical data.
Investing in the future by securing today: Employees are the lifeblood of a company, and we are no exception. We’re proud to say our staff are passionate and experienced in all areas of information security – and certified by the likes of CREST and Tigerscheme. We also have a world-class infrastructure, with two PCI v3.2 compliant data centres and powerful SIEM software that was designed in-house.
24/7 Security Operations Centre: One of the major factors to our success is our UK Security Operations Centre (SOC). This is an in-house facility, staffed every hour day and night by our cyber security gurus. The SOC acts as a command station for all our security operations and, in the case of our Managed SIEM and Threat Protection services, are always geared up to deploy full incident management procedures, according to pre-defined runbooks, within moments of a security event being detected.
Trained. Experienced. Certified. That’s Bulletproof.