We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you? PTP is acutely aware of the lack of diversity in our industry, and are keen to address that.

To become a CE+ assessor, I had to take the Vulnerability Assessment Plus (VA+) exam, which is split into two parts: a practical element and a multiple-choice section. The exam requires a solid ...

Browser caching is a function that allows web browsers to store copies of a variety of web resources locally. This is intended to increase the speed and efficiency at which a website loads its ...

As ships get bigger, with more automation, fewer crew members, and more connectivity, the attack surface of a modern commercial vessel is becoming as complex and diverse as that of a connected car or ...

Poorly protected authentication requests from privileged automated tasks (e.g. vulnerability scanners, health checks) could be intercepted by rogue authentication servers planted in the internal ...

For a long time, the primary security model for airplanes has been physical. Airside security controls are there to prevent access by unauthorised personnel. However, as connectivity with e-enabled ...

Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from the MCU. Use this ...

The aviation industry realised some time ago that taking a standard approach to the cyber security of its products was needed and that this was a specialist discipline. A family of documents was ...

DNSSEC secures DNS but may unintentionally expose domain structures via NSEC/NSEC3 records, enabling zone walking to enumerate subdomains. NSEC openly lists domain names, making enumeration easy.

A red team engagement is an objective-based assessment that requires a holistic view of the organisation from the perspective of an adversary. This assessment process is designed to meet the needs of ...

Papa, the PTP Proactive Advanced Password Auditor, is a password cracking and auditing service. Attackers often exploit weak passwords and attempt to crack hashes to gain further access to a network, ...

IASME recognises Pen Test Partners as a Cyber Essentials certifier; something we’re very pleased about. By working with us you can achieve Cyber Essentials scheme status with a minimum of fuss and ...