top of page
All Posts
A Case Study in Technical Debt: why DynamoDB might not be for you
In this industry it can feel challenging to tell others you've made mistakes, but we believe that it's important to show not just the...
Aug 2, 20205 min read
CyberUp: Why We Believe the Computer Misuse Act Needs Reform
The Computer Misuse Act (1990) is 30 years old and was already out of date before it even got started. It came into effect in the UK...
Jul 12, 20202 min read
Scraping DNS records with BlueDanube
DNS is the heart of all things on the internet. It is the system that lets us type in amazon.com rather than 176.32.98.166 to do our...
May 17, 20203 min read
Cache Me Outside how bout dat?
Many of you will remember our blog post about RIDL, FALLOUT and ZombieLoad back in 2019, hot on the heels of Spectre and Meltdown from...
Jan 28, 20204 min read
The First Official NSA Exploit (CVE-2020-0601)
2020 starts with a shift in cybersecurity and the level of transparency that we usually see from the alphabet agencies. Tuesday the 14th...
Jan 15, 20204 min read
Trust but verify (your tools)
During a recent penetration test for a client we at Cygenta noticed a few odd responses from some of the scans we were doing with a tool...
Nov 26, 20194 min read
Fast data munging with AWS Athena and S3 Buckets
You have a ton of data, gigabytes of it, all in thousands - if not hundreds of thousands - of seperate files. How on earth do you go...
Sep 12, 20194 min read
How to build a data warehouse with AWS Redshift
I've been working on an idea for a while now that needed the ability to store and search through a large amount of data, we are not...
Aug 22, 20194 min read
A different type of phone hacking from 2013
In today's post, we're taking a trip down my social engineering memory lane, to around April 2013, probably a Thursday at about 5pm. Cast...
Aug 15, 20194 min read
What we can learn from APT34 using a fake University of Cambridge LinkedIn profile
Last week, FireEye reported a phishing campaign which they had identified and traced back to the Iranian group APT34. It's an interesting...
Jul 21, 20193 min read
RIDL, FALLOUT and ZombieLoad
So three(3) new hardware based vulnerabilities were released and whilst we all remember Spectre or Meltdown from last year these ones,...
May 14, 20193 min read
What we can learn from the APT34 leak
The Iranian hacking group known as APT34/Oilrig/HelixKitten have had a breach of their own: a dump of the breach has now been made...
Apr 17, 20193 min read
At some point you're probably going to have to do some running
I had a great chat with Carole Theriault about social engineering and how I see cybersecurity for most companies. We covered fishing rods...
Jan 11, 20191 min read
The Problem with SSL/TLS Certificates
**Editors Note: This blog post was written a few months ago. Since the extraordinary number of sites exposed by this flaw, Cygenta tried...
Nov 13, 20182 min read
Check your internet speed from the terminal
At times, it is nice to know that your internet connection is running at the best possible speed. This could be just for bragging rights...
Sep 6, 20182 min read
RFC's?
I have been posting a lot on Twitter recently about RFC's and I get a lot of questions from people about what they are, why they matter...
Aug 5, 20183 min read
bottom of page