Written by Rob
What I Am Writing About Unlike most things I publish, this isn’t going to focus on how I came to find a vulnerability, but rather the problems I had trying to disclose it, and things that I could have approached better, in the hope it may help other people in the future if faced with being a small fish in a big pond which is trying to approach a larger organisation, who have few technical staff.
Written by Jay
During most mobile application or IoT pen test, it’s often a requirement to perform a man in the middle attack to view network traffic. Below are some approaches which work when the it’s not possible to set a system proxy (or when a mobile application does not honour it).
ARP Poisioning Pros/Cons Pro cons Easy |Active attack; can be detected Redirects all traffic |Can be risky |Device and laptop need to be on the same network.
Written by Tim
SPF / DKIM / DMARC - Where to start The alphabet soup from the title of this blog post are the DNS records you should have in place to help keep your domain from being abused by a spammer. Or worse, someone spreading malware. If you already have them in place, congratulations. Why are you reading this article? Move on to DNSSEC. Still here? Good.
Since it’s creation, email has never had security in mind.
Hi everyone, this is my first blog post so I thought I’d introduce myself:
My name’s Brett, I’m currently a security engineer for a MSP where a portion of my job (as well as being a member of the SOC) is to look after and make sure the abuse queue is dealt with and ensure that the abuse of our services are kept to a minimum. I’m writing this blog post up because I do see this type of compromise a lot and I thought I would share my experiences in how I’ve seen it occuring in the wild in the hope that it will help Threat hunters and other similar roles in discovering and dealing with such compromises and the kind of simple IOCs and data points to look for!
Written by Shirin Fahri
I hear horror stories from candidates and clients about recruiters far too frequently and after getting on my soap box about ethics in the recruitment industry one lunch, I was talked into standing in front of a group of security professionals to offer my advice on how to find a good recruiter.
So here’s some excerpts from my brief talk, hopefully you’ll find them useful:
Written by antfie
After giving some interview advice in the MGH slack channel it was suggested that I might like to deliver a lightening talk on the subject. Sure why not I thought and agreed to share my experience. I set about putting together a 10 minute presentation which turned out to be 15 minutes when I delivered it but it was well received by the group, even though we didn’t have time for questions.
Written by Jay
Manchester Grey Hats is about bringing the community together and because of that, we wanted to create a blogging platform for anyone wanting to use it.
Blogging with MGH is not like blogging with some of the other platforms. It might seem quite complicated and roundabout to start with but it gives us a few benefits:
Security. We are using static files so we have a smaller attack surface.
Presented by: Brett
Every day, every hour, minute, second we spend online posting about what we’ve eaten and where we’ve been we’re creating a massive footprint about ourselves and others that can be scarily easily used against us; of course this can also be used in our favour as well! In this workshop I’ll be giving you a really high-level overview of the capabilities of OSINT and what we can all do with it - from building ideas about our own habits, to criminal organisations, to the spread of ideas around the world.
Written by Rob
The ASIS CTF 2017 finals were our first CTF as a team (on short notice too!). We managed to complete five of the challenges in total, which ranked us in 98th place out of 590 teams overall, and the highest ranked team in the UK.
Challenge: V.I.R Description Rules are always broken, but not this time!
Solution The flag for this challenge was simply a case of heading over to the rules page, and finding it.
Presented by: Tim
USB devices have been with us now for over 20 years. They have posed a security risk to organisations, which is not always as understood as well as it could be. This workshop will look at USB devices and how they work, including practical exercises in making your own USB keyboard perform tasks on your behalf.
The workshop doesn’t assume any prior knowledge of programming, but a background in C and/or powershell would be useful.