NotSoCereal-Lab: A Deserialization exploit playground

TL;DR: NotSoSecure is releasing a new VM to hone your Deserialization skills at https://github.com/NotSoSecure/NotSoCereal-Lab.

Defense against Client-Side Attacks

Download PDF

The emerging threat of Scalpers to supply chains

The purpose of this Whitepaper is to highlight the threat scalpers pose to the economic global market and how complete security solutions such as Security Information and Event Management (SIEM) and penetration testing which can help secure and protect your cyber estate. Download PDF

WhitePaper Release: Defense against Client-Side Attacks

TL;DR: A new WhitePaper released https://claranetcybersecurity.com/blog/2021-12-20-defense-against-client-side-attacks to help attackers understand client-side attacks and for developers to understand how to mitigate them.

Security Architecture Review Of A Cloud Native Environment

Overview Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud, however, its security posture is still a blind spot for everyone. Nevertheless, we have seen a big rise in the number of requests to check the security posture of cloud infrastructure deployments.

Flutter based Mac OSX Thick Client SSL Pinning Bypass

During one of our recent thick client application penetration tests, Sanjay encountered a scenario where the application was built on top of a Flutter framework and had an SSL pinning check in one of the embedded libraries. Due to this check, the application provided an SSL pinning error when it was configured using Burp.

Let’s Cook ‘Compliance as Code’ with Chef InSpec

Introduction The concept of DevSecOps has introduced an array of changes to our traditional operations. One of the major changes was to move away from using tools, to learning to bake our own 'code'. Of the many things required for an application or an environment to be production-ready, compliance is fundamental and we ought to look at 'Compliance as a code'.

NotSoSecure @ HackerSummerCamp 2019

With each passing year NotSoSecure presence becomes bigger and better at Hacker summercamp. This year @ hackersummercamp 2019 we were present in multiple capacities and performed multiple duties. Here is an outline of what we did this summer

Remote pen testing

Remote doesn't mean removed. Especially when your organisation's security is at stake. Talk to us about our Remote Penetration Testing service as we all adapt to the new way of working.

The Anatomy Of A Cloud Hack

This session explores Cloud Security Breaches, and how available reconnaissance techniques and tools are leveraged by unethical hackers to successfully uncover vulnerabilities. Learn how cloud security differs from conventional security and how to utilize cloud services to perform continuous monitoring and defence.

Application Security For Developers

Secrets Management using Hashicorp Vault Webinar for Nullcon

Rohit Salecha is a technology enthusiast who loves to dive deep into the world of technology. His current expertise revolves around finding interesting bugs in Web Applications and also loves doing Android and iOS app security assessments.

Endpoint Detection and Response (EDR)

Claranet Cyber Security have announced the launch of a new Endpoint Detection and Response service as part of its growing Managed Security Services portfolio for customers. Your most sensitive data lives on the endpoint and in the cloud. Fast reactions prevent potential breaches and require a combination of technology and resource.

Claranet | CST Brochure

Continuously understand vulnerabilities, make the right decisions. Download PDF

Quick read checklist for secure remote working

Administrator's Guide: Cybersecurity checklist for remote working

Controlled Phishing simulation

As traditional working patterns and daily life changes, cybercriminals are exploiting the COVID-19 outbreak to spread malware. Run a controlled phishing simulation to find out where your risks lie: https://t.co/YccVM87VFl

Claranet | MDR Brochure

Continually hunt, detect, analyse and report on threats.

How to integrate security into the DevOps pipeline

Security is often added towards the end, in a typical DevOps cycle through a manual/automated review. However, with DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. This presentation presents various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.

Claranet Cyber Security

With 17 years’ experience in cybersecurity services and training, for the biggest brands across the globe, Claranet Cyber Security combines the expertise of Sec-1 and NotSoSecure.

Claranet | Secure remote working

Administrators guide - Quick read checklist for secure remote working. Download PDF

Claranet Cyber Security Brochure

Stay secure and compliant Download PDF

New thinking around DevSecOps

Commentary and ideas from the frontline. Catch up with delegates at IP Expo last month to gauge awareness and understanding around this new way of working.

Claranet | PCI DSS Compliance Services

Protect your cardholder data and secure your business. Download PDF

Common PCI DSS Misconceptions

PCI DSS can be a complex beast. That's because many businesses are not clear whether PCI applies to them or do not have a clear understanding of what they are looking at. Our Principle Security Consultant, Wayne Murphy explains the common misconceptions and problem areas that our Qualified Security Assessors (QSA) often encounter.

Claranet | Security Testing Services

Web and Mobile Application Testing, Infrastructure Testing, Social Engineering Assessments, and Red Team Exercises. Download PDF

Boom time: how cybersecurity has morphed with the rise of the white hats

Due to a rise in bug bounties from companies large and small, many hackers are seeing the light and using their skills for good. We look at some of the ways you can work with this new breed of hacker.

Plugging the gaps: working together to ensure Cyber Essentials certification

The CREST Cyber Essentials Scheme is a great starting point for any modern organisation wishing to keep its data - and that of its customers - safe. However, it is not a catch-all to ever evolving attack vectors. We show you how to plug the gaps.

A game of hide and seek: why IoT is exposing the network to multiple attack points

Find what is lurking within the far reaches of your corporate network so that you can plug the gaps opened up by the myriad Internet of Things.

Testing times: which is the best methodology for you

Find out which is the best testing methodology for you and your business.

Beware Malware: created, morphed, and now ready to hit hard

Cybersecurity is certainly nothing new, but malware has been in the headlines recently. In this opening article on security Holly Williams, a 10-year expert of the infosec wars and a Penetration Test Team Leader, takes a look at the past, present, and future of the dark art.