Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Cyber Essentials Changes for 2025

You may be asking, “why are they changing the questions?” Well, the threat landscape is always changing, so the way we react to those threats needs to change too. This is the only way to make sure that your business stays secure, in addition to it bringing the scheme up-to-date with current security practices. Cyber Essentials will still continue to focus on the five key technical controls which are the best first line of defence against a potential threat.

Notice & consent compliance in US, China & Canada

In the first of our blog series on international data protection, I’m taking a look at how companies can ensure compliance with notice and consent requirements in the USA, China, and Canada. In a world where digital footprints are as common as physical ones, the governance of personal data has become a pressing issue.

What is a Cyber Advisor?

Certifications are a great way for customers to get confidence that the company they’re trusting with their cyber security is up to the job. So, when the Cyber Advisor scheme was launched, we thought it was a great opportunity to invest in our staff. In this Q&A blog we’ll look at what a Cyber Advisor is, what it means for your business, and what it means to our staff – as we talk to Bulletproof’s first Cyber Advisor, Jemma Aldridge.

Tech Talk: Behind the curtain - Obfuscating Linux Symbols

This is a Bulletproof Tech Talk article: original research from our red team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. This blog looks at obfuscating Linux Symbols using dl_iterate_phdr with callbacks. It represents original security research from the Bulletproof Red Team.

Tech Talk: Abusing ESC13 from Linux

This is a Bulletproof Tech Talk article: research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. In the complex landscape of Active Directory, ensuring secure and appropriate access is a constant challenge. Recently another "ESC" technique has been released which is known as ESC13.

Beyond Cyber Essentials: securing critical operations

The Cyber Essentials scheme has started to become a victim of its own success, with some organisations thinking it’s all they need to operate securely. Now I need to start by saying that Cyber Essentials is a great security baseline and I strongly recommend that every single organisation gets Cyber Essentials certification. It provides a valuable framework for establishing fundamental cyber security practices. But is that always enough?

How to Get Started with Red Teaming - Expert Tips

During my time delivering red team engagements over the last few years, I've had the luxury of working with organisations who’re just starting out with their red teaming approaches, all the way up to battling hardened and heavily monitored networks. In this experience, I’ve found that one of the key areas that makes or breaks a successful operation is the scoping, sizing and planning of an engagement. It can often be daunting to explore more threat-led and realistic testing approaches.