Reducing ECS cost with resource over-provisioning
AWS Fargate can be expensive for multi-container workloads, but over-provisioning with EC2-backed ECS isn’t as simple as you’d expect
Simon is one of the Punk Security Directors and has over 17 years' experience working within IT, primarily focused on automation and InfoSec.
Simon has a wealth of experience and approaches DevOps from an infrastructure background, but is a keen Python and .NET Core developer. He has authored two of our open-source projects, pwnSpoof and SMBeagle.
Simon worked in the UK military, before working across industry delivering automation and information security.
Our funky PCB Art badges made it back to BSIDES Cheltenham!
DevSecOps tooling can be bypassed and ignored if proper development processes are not enforced, and this is where peer approvals come in
AWS Athena is the easiest way to search organisation-wide cloudtrails implemented by AWS Control Tower. In this blog, we walk you through it.
We’re diving deep into a lesser-discussed variant of HTML injection that isn’t very well known at all, Base Tag Injection.
Developers typically use the unittest.mock module to patch the requests library directly, replacing real HTTP calls with mock objects. vcrpy makes it much easier.
We take a look at the Zed Attack Proxy as it moves away from OWASP and towards the Software Security Project
dnsReaper is designed to check your own domains, but now we’ve added Project Discovery and SecurityTrails support too!
We ran a stall, gave 2 talks and provided 400 Delorean PCB conference branches to make BSIDES Cheltenham that little bit more awesome.
We put a lot of effort into testing our CTF platform, but a simple oversight nearly meant we had to call it off.
We use Cloudflare to protect our CTF from spam bots, VPNs and hackers.
AWS IAM permission boundaries allow you to safely delegate user and role creation permissions
Our DevSecOps CTF is May 4th this year, but what makes it tick?
AWS managed Kubernetes (EKS) allows your pods to assume AWS IAM roles automatically so you don’t have to handle pesky credentials.
SecretMagpie is our opensource secret detection tool, and in this article we walk you through using it against an organisation’s public repositories.
Kubernetes network policies can be difficult to write but the free cilium editor makes it really simple
Kubernetes pods can be abused to take over the entire Kubernetes cluster. rbac-police shows you which.
The Cyber Essentials scheme provides simple and clear guidance, but how does it apply to CI/CD?
Attackers typically use stolen AWS access keys to deploy expensive cryptomining EC2 instances, but this can be blocked with SCPs.
Simon delivered his subdomain hijacking talk with a new twist. Why is DevOps making us more vulnerable?
With so many of our talks taking us to Manchester and London, Simon jumped at the chance for a local talk in Newcastle!
We exhibited for the first time, choosing Manchester DTX as our first ever trade event.
Daniel also spoke on the DevOps stage, giving a fantastic talk on DevSecOps
We are proud to be one of the first members of the UK Cyber Security Council, an NCSC initiative and self-regulatory body for the Cyber profession.
We evaluated the leading vendors in this space and found uSecure to be the best fit for our customers. In fact, we liked it so much that we’ve decided to include it in all of our vCISO packages for small businesses.
Hugo allows us to build a super fast website, hosted out of an AWS S3 bucket, but with all the features you need from a modern CMS.
We loved presenting our two opensource tools, pwnSpoof and SMBeagle, live at @hack.
ArgoCD allows us to deploy our apps onto Kubernetes directly from our source control, GitHub.
We kept SMBeagle shrouded in mystery until Blackhat, but now it's public on GitHub under the Apache license.
pwnSpoof had some major updates in preparation for Blackhat EU and we loved engaging with the community on its future.
Daniel was invited to present a 30 minute talk on DevSecOps at DTX in London.
It was a fantastic experience and you can stream the presentation here.