Simon Clow presents at CRESTCon
Simon presented on ‘Exploiting hardware management subsystems' (aka "iLO, iLO, it’s off to work we go!") at CRESTCon on the 19th March 2014.
Modern computing systems implement a variety of remotely accessible, instrumented management interfaces. As professional penetration testers it is important to understand the native capabilities of such interfaces, the security consideration of offering access and the techniques used to interact with and exploit the interface.
Context is recognised for Best Security Company
We’re excited to announce our nomination for Best Security Company at the SC Magazine Awards 2014.
These awards honour professionals working to secure enterprises of all sizes and the vendors that deliver innovative security technologies.
Expert judges have been drawn from the senior ranks of the information security...
Context present on targeted attacks at Securing the Law Firm event
Stuart McKenzie, one of our Senior Consultants presented on 'targeted attacks and the legal sector' at Securing the Law Firm on the 29th January.
Context Accredited for Government Cyber Incident Response Scheme
Context is one of the first companies to be certified by CESG, as an approved supplier of Cyber Incident Response services to UK organisations that have suffered attacks from the most sophisticated criminal or state-sponsored threat actors. The Cyber Incident Response scheme provides the public sector, the UK’s critical national infrastructure and private sector companies that impact on the country’s ‘economic well-being’, with access to Government-accredited suppliers delivering the highest levels of experience, ability and integrity.
Congratulations to James Forshaw
Congratulations to Context’s James Forshaw for coming up with a new exploitation technique to win Microsoft’s first ever $100,000 bounty! James already has had success with design level bugs he found during the IE11 Preview Bug Bounty, and Microsoft are thrilled to announce that he continues to improve their platform-wide security by leaps and bounds.
Whilst Microsoft can’t go into the details of this new mitigation bypass technique until they address it, they are excited that they will be able to use these insights to better protect customers by proactively including defenses against these advanced techniques within future releases of their products. This knowledge helps Microsoft to make individual vulnerabilities less useful when attackers try to use them against customers.