Latest News
Setting up your own testing lab environment
A HOW TO GUIDE Introduction Welcome to your journey into building a lab environment with VirtualBox! Whether you are an aspiring penetration tester or just someone passionate about cybersecurity, having a safe and controlled environment to practice and experiment is...
How to Start Your Career In Penetration Testing
A HOW TO GUIDE If you want a career in penetration testing but don’t know where to start, this e-book will take you through what you need to know, with plenty of advice and tips throughout. Introduction Let's be honest. The cyber security industry is a mystery to most...
Crack more passwords with custom wordlists
Password cracking is an essential skill for penetration testers. Whether it is being used to crack a hash you’ve got from using responder, gain a first foothold on a device, or attempting to compromise accounts for lateral movement through a network, it is an...
What are JWT Tokens – and how to ‘hack’ them
JSON Web Tokens – or JWTs – are a common method of providing authentication and authorisation to a web application. While they may seem complex, it is possible to look closely and break down the structure of these three-part tokens, to understand the different...
An A-Z of pentesting terms and abbreviations – Part 2
In this blog post, we continue our A-Z glossary of common pentesting abbreviations, acronyms and terms, from N-Z. Get ready for the likes of OSINT, RFI, YubiKeys and more. And don’t forget, you can catch up on any terms you missed in part one (A-M) here. N – Nmap One...
How to identify and exploit XSS vulnerabilities
What is Cross-site scripting (XSS)? Cross-site scripting (XSS) is a web security vulnerability in which an attacker is able to inject malicious scripts into vulnerable sites and compromise the interaction between the user and the site. Cross-site scripting is what we...
An A-Z of pentesting terms and abbreviations – Part 1
The tech industry is synonymous with abbreviations, and cyber security is no different. TLAs (three letter abbreviations), acronyms, other abbreviations and unfamiliar names or terms are the norm. As a result, in this blog we have collated an A-Z glossary for the...
Training, mentoring and the illusion of short-term mentorship
Cyber security is an interesting, fast moving and in demand industry. On the one hand, we are constantly being told there are not enough professionals to fill the need. Yet without clear pathways, it can be challenging to find roles at the beginning of your journey...
Vulnerability Scanning and Penetration Testing
“What is the difference between a vulnerability scan and a penetration test?” It’s something we are often asked by clients who are considering their security and starting to look at ways to protect themselves and their businesses. Vulnerability scans and penetration...
Why learning from practicing pentesters is the key to success
Cyber security moves fast. Threats evolve at an incredible pace and pentesting techniques change and develop along with them. That’s why your choice of pentesting training provider is an important decision. At North Green Security, we recognise the importance of...
What is Cyber Essentials?
If you are starting to look at cyber protection for your business, then the UK Government backed Cyber Essentials scheme is a great place to start. In fact, these are excellent standards to consider, wherever you are on your journey – at North Green, we go through...
What you need to know about ransomware
The consequences of a ransomware attack can be utterly devastating. The mere thought of a business losing access to its computers, its networks and its data is a nightmare scenario for many – and this fear became a harsh reality for the UK logistics firm KNP Logistics...
Can you spot a phish?
Roughly 8.3 billion emails are sent each day in the UK and nearly half of them are spam or phishing emails. That’s a whole lot of rogue and potentially malicious emails – and a pretty frightening number too! We all know that spam is generally unwanted or irrelevant...
What is CHECK? Exploring qualifications and pathways.
Like many industries, cyber security is full of acronyms and abbreviations – and this also extends into qualifications. We talk to and work with a lot of people who are either trying to break into a career in penetration testing, or who work at a consultancy that...
How can you protect yourself from malware?
The world has changed – and that change is only set to continue. Whether at home or in our professional lives, we are more connected than ever before and have multiple devices that we use daily, from smartphones and tablets to PCs and more. The drawback to this...
How secure is your password really?
For years we’ve been told that the best approach to staying secure is to have a good password. Conventional wisdom says that this should be at least nine characters long and use a combination of upper and lower case characters, numbers, and special characters. But I...
The importance of penetration testing for small businesses
In today's digitally driven world, small businesses are increasingly becoming targets of cyber threats. Yet despite some perceptions that cyber attacks are aimed at large organisations and corporate bodies, the truth is, every business, regardless of size, is...
What is penetration testing – and how can it help protect you?
At North Green Security, we work hard to protect companies of all shapes and sizes against cyber attacks, by conducting penetration tests for them. But, we’ve also learnt that that not everyone knows what penetration testing is – or what it’s used for. In this blog,...
A pentester’s perspective – is AI after our jobs?
One thing that’s hard to avoid on social media recently is AI – and in particular, Chat GPT* which has catapulted its way into virtually everyone’s feed. No longer a subject of discussion amongst those working in or with an interest in tech, there is one main thread,...