Pen Test Partners

OT pen test findings that plant teams can actually use

TL;DR   Introduction  I have read a lot of OT pen test reports. I’ve spoken with a lot of clients about pen test reports. And ...
pentestpartners.com

How we turned a real car into a Mario Kart controller by intercepting CAN data

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...
pentestpartners.com

Fully segregated networks? Your dual-homed devices might disagree

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...
pentestpartners.com

Android Content Providers 101

Android has a number of different types of components that a program or app can instantiate to interact with the user or other programs. Recently I’ve been looking at exported as an interesting way to ...
pentestpartners.com

Pipedream ICS malware toolkit is a nightmare

Pipedream, tooling created by the CHERNOVITE hacking group, has sparked serious concern in the cybersecurity world. It has the ability to target industrial control systems (ICS) without relying on ...
pentestpartners.com

Making children’s toys swear

In our last toy related post we mentioned My Friend Cayla, here we’ll lift the lid on what we found. Cayla is effectively a bluetooth headset, dressed up as a doll. Yes, you can actually make phone ...
pentestpartners.com

Database Integrity Vulnerabilities in Boeing’s Onboard Performance Tool

Security gaps in older, unprotected Windows desktop versions of Boeing’s Onboard Performance Tool (OPT) could make certain Electronic Flight Bags (EFB) more susceptible to attack. In particular, OPT’s ...
pentestpartners.com

Bypassing MFA on Microsoft Azure Entra ID

On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network. But we had not yet gained access to their cloud estate, which was hosted in Azure. Our ...
pentestpartners.com

Dodgy disks. My 32TB SSD Adventure

Earlier this year I found myself in need of various cheap electronic components. So naturally I turned to AliExpress. I came across a listing for a cheap “32TB Portable SSD”. I knew this was too good ...
pentestpartners.com

SweetPotato – Service to SYSTEM

I’ve had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications ...
pentestpartners.com

How easily access cards can be cloned and why your PACS might be vulnerable

What is a physical access control system? A physical access control system, or PACS, is the system that opens the door when you scan your identity card or smart phone app on a reader. It’s the system ...