Pen Test Partners

Pen Test Partners Contact information, map and directions, contact form, opening hours, services, ratings, photos, videos and announcements from Pen Test Partners, Business consultant, Pen Test Partners LLP, Unit 2, Verney Junction Business Park, Buckingham.

30/10/2025

When it comes to being security aware, there are seemingly endless things you need to consider. In our latest blog post, wrapping up Security Awareness Month, Eime has outlined four key pillars to help you maintain your online security.

📌 Read here: https://www.pentestpartners.com/security-blog/security-awareness-four-pillars-for-staying-safe-online/

TL;DR

Pillar 1: Social media

Review your privacy settings, especially on social media. Limit what strangers can see, and think before you post. Screens, badges, emails, locations, and even your pet’s name can all be used against you.

Pillar 2: Account protection

Stop using weak, guessable passwords. Use long, unique passwords or passphrases that don’t include personal details. Store them in a password manager instead of reusing them across accounts. Turn on multi-factor authentication (MFA) anywhere it’s offered, especially for email, banking, work accounts, and your password manager.

Pillar 3: Phishing and social engineering

Watch for phishing, vishing (voice phishing), and smishing (SMS phishing). Urgency, pressure, unusual requests, unexpected login prompts, or payment demands are all red flags. Slow down and verify using known contact details.

Pillar 4: Software updates

Keep your devices, browsers, and apps updated. Patching your software closes known security holes that attackers actively use. Enable automatic updates and remove apps you don’t use.

23/10/2025

Exposing your home lab to the internet can open a path into your personal accounts and even your work assets.

In our latest blog post, Morgan Davis shows how to cut that risk with low-cost controls you can apply today, no enterprise tools needed. It teaches security thinking to help you reduce your attack surface and more.

📌 Read the guide here: https://www.pentestpartners.com/security-blog/hardening-your-home-lab/

21/10/2025

Payroll diversion scams are still catching people out.

Attackers use LinkedIn to find out who works in payroll, and then they send convincing emails asking to change salary payment details. One forwarded message is all it takes for the fraud to seem real.

Our latest blog post by Dave Wardle explains how these scams work, the internal controls that stop them, and the LinkedIn privacy settings that make you harder to target.

📌 Read here: https://www.pentestpartners.com/security-blog/stop-payroll-diversion-scams-before-they-start/

14/10/2025

Need Nmap in a locked-down container? Build it yourself... safely.

Ever tried running Nmap in a hardened environment only to hit missing libraries? Downloading random static binaries from the internet is a risky endeavour.

Our Gabriel Garcia Teran walks through building your own Nmap, and has made a Go interactive tool that lets you select flags and versions, then generates and runs the full build command.

No black-box downloads!

📌 Read here: https://www.pentestpartners.com/security-blog/compiling-static-nmap-binary-for-jobs-in-restricted-environments/

16/09/2025

Attackers abuse Discord webhooks for lightweight C2, but what does the cache leave behind?

In our latest blog post, Joseph Williams shows that a simple PowerShell beacon can send files and exfiltrate data to a Discord channel.

But what's in the cache? Attachments, thumbnails, and webhook URLs?

We have released a Discord Forensic Suite with a CLI parser and a GUI tool. It builds HTML and CSV timelines to reconstruct Discord activity after messages and files are deleted.

📌 Read here: https://www.pentestpartners.com/security-blog/discord-as-a-c2-and-the-cached-evidence-left-behind/

10/09/2025

Professional titles are now mandatory under NCSC's CHECK. This changes who can lead tests, who can support, and the assurance your board receives.

Team Leaders must now hold a Principal title and Team Members a Practitioner title by March 2026.

In our latest blog post, Lewis Cradduck (CTL) explains what CHECK is, what’s changed, when it applies, and how to get the most from it...

📌 https://www.pentestpartners.com/security-blog/a-buyers-guide-to-check-in-2025/

09/09/2025

Andrew Tierney presented at the OWASP Manchester meetup, showing how quick, practical hardware checks expose the boxes most teams ignore in his talk, “Quick and dirty: getting inside boxes.”

Many infrastructure testers look for public vulnerabilities and software bugs to exploit, but what about the hardware that's sitting right under their noses? Often, unchecked on-site hardware lurks, just waiting to spill the beans…

He walked through fast techniques to do just that without needing a full-blown lab. If you have a dusty box in the server room, it could be worth a closer look.

08/09/2025

Ken Munro talked about how hard it is to keep OT and IT separate on cruise ships at BSides Bristol and what happens when that line is crossed. Cruise ships are among the most complex environments you’ll find in a single moving location...

They combine propulsion, navigation, and power generation with a hotel, restaurant, casino, and theatre, plus safety and fire control systems. That complexity makes maintaining strict separation between OT and IT a real challenge.

Fortunately, genuine attacks on vessels remain rare. The future is looking more positive as regulation starts to drive cyber on board in the right direction too. He also touched on some of the comedic, if marginally plausible, hacks in the movie Speed 2: Cruise Control. A movie to miss!

05/09/2025

Our summer get-together brought the team together for collaboration, learning, and great food.

We kicked things off with talks and discussions, one of which was an AI hackathon, where everyone got an introduction to AI before creating something new in just 90 minutes! The creativity and enthusiasm were great, with plenty of new skills taken away.

We also took a moment to hand out team awards and celebrate the hard work and achievements that make such a big difference at PTP.

And of course, the day wouldn’t have been quite complete without Mark’s BBQ...

Address

Pen Test Partners LLP, Unit 2, Verney Junction Business Park
Buckingham
MK18 2LB
