NotSoSecure @ HackerSummerCamp 2019

With each passing year NotSoSecure presence becomes bigger and better at Hacker summercamp. This year @ hackersummercamp 2019 we were present in multiple capacities and performed multiple duties. Here is an outline of what we did this summer

Remote pen testing

Remote doesn't mean removed. Especially when your organisation's security is at stake. Talk to us about our Remote Penetration Testing service as we all adapt to the new way of working.

The Anatomy Of A Cloud Hack

This session explores Cloud Security Breaches, and how available reconnaissance techniques and tools are leveraged by unethical hackers to successfully uncover vulnerabilities. Learn how cloud security differs from conventional security and how to utilize cloud services to perform continuous monitoring and defence.

Application Security For Developers

Secrets Management using Hashicorp Vault Webinar for Nullcon

Rohit Salecha is a technology enthusiast who loves to dive deep into the world of technology. His current expertise revolves around finding interesting bugs in Web Applications and also loves doing Android and iOS app security assessments.

Endpoint Detection and Response (EDR)

Claranet Cyber Security have announced the launch of a new Endpoint Detection and Response service as part of its growing Managed Security Services portfolio for customers. Your most sensitive data lives on the endpoint and in the cloud. Fast reactions prevent potential breaches and require a combination of technology and resource.

Claranet | CST Brochure

Continuously understand vulnerabilities, make the right decisions. Download PDF

Quick read checklist for secure remote working

Administrator's Guide: Cybersecurity checklist for remote working

Controlled Phishing simulation

As traditional working patterns and daily life changes, cybercriminals are exploiting the COVID-19 outbreak to spread malware. Run a controlled phishing simulation to find out where your risks lie: https://t.co/YccVM87VFl

Claranet | MDR Brochure

Continually hunt, detect, analyse and report on threats.

How to integrate security into the DevOps pipeline

Security is often added towards the end, in a typical DevOps cycle through a manual/automated review. However, with DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. This presentation presents various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.

Claranet Cyber Security

With 17 years’ experience in cybersecurity services and training, for the biggest brands across the globe, Claranet Cyber Security combines the expertise of Sec-1 and NotSoSecure.

Claranet | Secure remote working

Administrators guide - Quick read checklist for secure remote working. Download PDF

Claranet Cyber Security Brochure

Stay secure and compliant Download PDF

New thinking around DevSecOps

Commentary and ideas from the frontline. Catch up with delegates at IP Expo last month to gauge awareness and understanding around this new way of working.

Claranet | PCI DSS Compliance Services

Protect your cardholder data and secure your business. Download PDF

Common PCI DSS Misconceptions

PCI DSS can be a complex beast. That's because many businesses are not clear whether PCI applies to them or do not have a clear understanding of what they are looking at. Our Principle Security Consultant, Wayne Murphy explains the common misconceptions and problem areas that our Qualified Security Assessors (QSA) often encounter.

Claranet | Security Testing Services

Web and Mobile Application Testing, Infrastructure Testing, Social Engineering Assessments, and Red Team Exercises. Download PDF

Boom time: how cybersecurity has morphed with the rise of the white hats

Due to a rise in bug bounties from companies large and small, many hackers are seeing the light and using their skills for good. We look at some of the ways you can work with this new breed of hacker.

Plugging the gaps: working together to ensure Cyber Essentials certification

The CREST Cyber Essentials Scheme is a great starting point for any modern organisation wishing to keep its data - and that of its customers - safe. However, it is not a catch-all to ever evolving attack vectors. We show you how to plug the gaps.

A game of hide and seek: why IoT is exposing the network to multiple attack points

Find what is lurking within the far reaches of your corporate network so that you can plug the gaps opened up by the myriad Internet of Things.

Testing times: which is the best methodology for you

Find out which is the best testing methodology for you and your business.

Beware Malware: created, morphed, and now ready to hit hard

Cybersecurity is certainly nothing new, but malware has been in the headlines recently. In this opening article on security Holly Williams, a 10-year expert of the infosec wars and a Penetration Test Team Leader, takes a look at the past, present, and future of the dark art.

Email: still the favourite route of attack

Is your email security up to the challenge?

Cybersecurity Toolkit

Cybersecurity is a fast-expanding field spanning network infrastructure, remote services, device diversity, even the nuances of human interaction and behaviour within the enterprise. Today’s IT expert is part technician, part detective, and part sociologist. This SlideShare presentation is a blow-by-blow account of the issues that matter in today’s hyperlinked, cross-connected, time-shifted organisation—with each threat backed up by some key statistics. Download PDF

UK Exposed: Cybersecurity skills shortage putting businesses in the firing line

While businesses across the country grapple with post-BREXIT contingency planning, a lack of experienced and qualified professionals with the right cyber skills is presenting an additional major challenge. Back in 2014, Jon Oltsik, principal analyst at Enterprise Strategy Group ESG, predicted a growing cybersecurity skills shortage panic over the coming years, saying:

Growth in leaked exploit attacks means penetration testing should be a front-line defensive measure, warns Sec-1

Author: Jack Kerr Actively rooting out vulnerabilities is the most effective way of preventing attacks of this nature

Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension

During one of our recent web application penetration testing assignments, @realsanjay encountered a scenario where the application employed an integrity check on HTTP request content. The integrity check was maintained using a custom HTTP header that stored the HMAC of HTTP request content based on session-specific CSRF tokens. Any modification in the HTTP request would result in a “499 Unknown” HTTP error response.

Exploiting VLAN Double Tagging

We have all heard about VLAN double tagging attacks for a long time now. There have been many references and even a single packet proof of concept for VLAN double tagging attack but none of them showcase a weaponized attack.

Continuous Security Monitoring using ModSecurity & ELK

Recently, NotSoSecure got an opportunity to explore the working of monitoring and alerting systems as a part of a project. In this blog post, Anand Tiwari will talk about his experience and challenges faced while setting up one such monitoring and alerting system.