BEC attacks typically leverage the compromise of a trusted third party to conduct a phishing attack against a partner ...

Be aware of some common approaches that are prevalent in scams such as these.

We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you? PTP is acutely aware of the lack of diversity in our industry, and are keen to address that.

We are vendor neutral and platform agnostic. This means that you get unbiased testing and appraisal of any and every environment. We keep a very clear and level head too. We are not fazed by high ...

We have talented testers for virtually any scenario, a bold claim but true nonetheless. We’ve provided a sample of the types of pen testing we conduct, it’s not exhaustive but gives a flavour of what ...

This is the second in a three-part series looking at the key steps for an effective investigation, response, and remediation of email-based threat in M365. Part one looked at the key artefacts to ...

An Attack Surface Assessment (ASA) is an intentionally time constrained exercise that uses open-source information in a largely passive way to establish what services you are publishing to the ...

CREST has worked with OWASP to create a quality assurance standard for web security. The CREST OWASP Verification Standard (OVS) Program is aligned with OWASP’s application security standard. It is ...

In my last blog post we delved into the Volatility Framework. In this two-part series I want to highlight how memory forensics plays a crucial role in enhancing forensic investigations by providing ...

As ships get bigger, with more automation, fewer crew members, and more connectivity, the attack surface of a modern commercial vessel is becoming as complex and diverse as that of a connected car or ...

Pen Test Partners provides CBEST Red Teaming to assess the Prevention, Detection, and Response capabilities of financial institutions. It means that those institutions maintain resilience and are able ...

As security is a process not a product, security training should never be commoditised. That’s why we deliver bespoke security training to all levels, from absolute novice users through to CISOs, ...