What Is An Attack Surface?
As part of his Phishing blog series, Andrew Stanistreet discusses his new challenge and the surprising overlap he’s found with cyber security.
CISA Vulnerability Timeline
As part of his Phishing blog series, Andrew Stanistreet discusses his new challenge and the surprising overlap he’s found with cyber security.
Common Attack Vectors and How to Avoid Them
As part of his Phishing blog series, Andrew Stanistreet discusses his new challenge and the surprising overlap he’s found with cyber security.
Threat Vectors Explained: Types and Examples in Cybersecurity
As part of his Phishing blog series, Andrew Stanistreet discusses his new challenge and the surprising overlap he’s found with cyber security.
What is Continuous Monitoring in Cyber Security?
As part of his Phishing blog series, Andrew Stanistreet discusses his new challenge and the surprising overlap he’s found with cyber security.
CTEM vs ASM: Understanding the Differences
As part of his Phishing blog series, Andrew Stanistreet discusses his new challenge and the surprising overlap he’s found with cyber security.
Enhanced Asset Level and Asset Group Permissions
Our latest update enhances the asset permission capabilities within the platform, introducing Asset Level Permissions and Asset Group Permissions.
Revolutionise Vulnerability Management with ‘One Issue View’ and Enhanced Access Control
Introducing the ‘One Issue View,’ a transformative feature now available on the Main Dashboard and Issues page.
Rootshell Platform – Patch Notes April 2025
April 2025 Application Features One Issue View with Enhanced Permission Capabilities Overview Introducing the ‘One Issue View,’ a transformative feature
Mastering Your Cybersecurity with ASM Visualization: A Game-Changer for Asset Management
March 2025 Platform Release: Attack Surface Management (ASM) Visualization transforms the way organizations monitor and secure their digital assets.
Rootshell Platform – Patch Notes March 2025
March 2025 Application Features Attack Surface Management (ASM) Visualization Overview Introducing the Attack Surface Management (ASM) Visualization, an innovative feature
Rootshell Security Achieves Bronze Award for Defence Employer Recognition Scheme (ERS)
We’re proud to announce that Rootshell Security has been awarded the Bronze Award under the Defence Employer Recognition Scheme (ERS), a significant milestone in our commitment to supporting defence and the Armed Forces community.
Rootshell Platform – Patch Notes November 2024
November 2024 Application Features New Features Asset Unmerging/Reassignment Summary: We are pleased to introduce a new feature that allows users to
Quick Guide to DORA Compliance
The Digital Operational Resilience Act The Digital Operational Resilience Act (DORA) is a game-changer for the financial services industry, requiring
What is the Digital Operational Resilience Act (DORA)?
Introduction As digital technology continues to reshape the financial services industry, the need for strong cyber resilience has never been
How to Prevent Cyber Attacks
In this digital age, both individuals and organizations face significant threats from cyber attacks. Cybercriminals are continually evolving their attacking strategies to
Rootshell Platform – Patch Notes September 23
September 2023 Application Features Email Notification for 2FA Reset – Users will now receive email notifications when their 2FA is reset
A Social-able Phish – A Tale of Meta
Author: Paul Cronin, Co-Founder of Rootshell Phishing scammers, we generally assume, will typically use email as their delivery mechanism to
Rootshell Platform – Patch Notes September 2024
September 2024 Application Features New Feature Asset Query Optimization – This update is part of our ongoing efforts to improve the
Car Security Updates: Who’s Responsible?
Author: Paul Cronin, Co-Founder Introduction A good friend of mine recently told me of the horror of him trying to
Unlock Enhanced Performance and Efficiency with our New Archiving Feature and Custom Import Frequency
As part of our July Platform Release, over the next few weeks, we will be going into more detail about
Operational and Channel Partners Features – July Release
As part of our July Platform Release, we will be going into more detail about each of the key improvements.
Rootshell Platform – Patch Notes July 2024
November 2024 Application Features New Features Data Archiving for Enhanced Performance Summary: In response to the growing datasets of our long-term
Gold Medal Cybersecurity: Paris Olympics 2024
Introduction As global attention converges on high-profile events like the Paris 2024 Olympics, the importance of robust cybersecurity measures cannot
Elevating Security with Precision: Introducing Asset Level ACLs
Asset Level ACLs We continually strive to enhance the functionality and security of our vulnerability management platform. We are pleased
Elevate Your Web App Security and Control with Qualys WAS Reports Integration & Auto DR
Elevate Your Web Application Security with Qualys WAS Reports Integration We’re excited to expand our integration capabilities by adding support
Unveiling Public API v1: A New Era for Channel Partners
Announcing the launch of Public API v1 At Rootshell, we are committed to enhancing the capabilities and success of our
Unleashing New Possibilities: Introducing Public API v1
Enhance Your Cybersecurity Operations At Rootshell, innovation drives our mission to provide the most effective and user-friendly cybersecurity solutions. Today,
MITRE ATT&CK Framework: Aligned Assessments, Management and Reporting
Author: Shaun Peapell, VP of Global Threat Services, Rootshell Security Rootshell have developed a reporting capability aligned to ‘The MITRE
Transforming Partner Cybersecurity Services with MITRE ATT&CK Integration
MITRE ATT&CK® Framework for Partners At Rootshell Security, we are committed to empowering our channel partners with the most advanced
CVE: Common Vulnerabilities and Exposures
Introduction There are 29.32 billion connected devices in the world today and the number is supposed to go up to 45.72 billion
Elevating Cybersecurity: Rootshell Security Introduces MITRE ATT&CK Framework Integration
MITRE ATT&CK® Framework At Rootshell Security, we are continuously seeking ways to advance our cybersecurity tools and methodologies. We are
Organised Crime Using Meta Facebook Market Place
Author: Paul Cronin, Co-Founder and Partner “You will never find a more wretched hive of scum and villainy.” Obi-Wan warns
Expanding Our Platform Capabilities Like Never Before: May Release
May Release As part of our ongoing commitment to enhancing platform functionality and ensuring superior security management, we are excited
Rootshell Platform – Patch Notes May 2024
February 2024 Application Features New Features Public API v1 for Enhanced Enterprise Integration Summary: We are excited to announce the launch
Keyloggers: Part 1
Author: Thomas Gomer, Security Consultant at Rootshell. Device implants are tools used within penetration testing that can be used to
Empowering Cybersecurity Excellence: Unveiling New Operational and Partner Features
We are thrilled to unveil our latest operational and channel partner features, designed to amplify our partners’ brand presence, streamline
Voice Assistants: Navigating the Digital Soundscape Safely
Author: Paul Cronin, Co-Founder and Partner Voice recognition technology in assistants has transformed how we interact with our devices, making
Phishing: Slipping The Net
Author: Andrew Stanistreet, Security Consultant Managed Services Welcome to the second post in my phishing series, in the first I
Game Changers: CVSSv4 Scoring Integration and Enhanced Asset Management
The recent updates to the Rootshell Platform have set new standards in operational efficiency and security management. Among these updates, we’re unveiling
Exploring the New Horizons: Black Kite, TopDesk, and Featurette Module Integration
In a world where cybersecurity threats are ever-evolving, staying ahead with innovative solutions is not just an option but a necessity.
Rootshell Platform – Patch Notes February 2024
February 2024 Application Features New Features Black Kite Intelligence Integration – We are excited to announce the integration of Black Kite
U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC)
Author: Paul Cronin, Co-Founder of Rootshell Back in 2014 when dinosaurs ruled the earth, I was fortunate enough to be
Phishing: Inside The Attacker’s Tacklebox
Author: Andrew Stanistreet, Security Consultant Managed Services Flavours of Phishing In this first post of this blog series, I want
Vulnerability Data: Informed Decisions using AI
Author: Paul Cronin, Co-Founder of Rootshell As a penetration tester, I often found it frustrating that the reports I submitted
Strengthening Wi-Fi Networks: Addressing Security Concerns and Recommendations
Author: Shaun Peapell, VP of Global Threat Services As part of Rootshell’s comprehensive security testing strategies, Wi-Fi network security testing
Platform Improvements: Nessus, Qualys and Burp
Improved Nessus CVSS Scoring In our ongoing efforts to provide seamless integration and data accuracy, we’ve introduced an important enhancement
Vulnerability Correlation Database and Enhanced Tenant Overview
Vulnerability Correlation Database A Revolution in Remediation Management We’re taking cybersecurity to the next level with the introduction of a
Customisable SLA Email and Project Velma
Customisable SLA Email Content We understand that every organization has unique needs and communication styles, especially when it comes to
Rootshell Platform – Patch Notes November 23
November 2023 Application Features New Features SLAs – Customisable Content – We understand that every organization has unique needs and communication
Transforming Red Team Assessments: The Impact of AI
Author: Shaun Peapell, VP of Global Threat Services The cyber security world is an ever-evolving landscape, staying one step ahead
AI: Friend or Foe?
Author: Liam Hackett, Head of Development and creator of Velma, Rootshell’s own AI. It’s been a year since I last
Velma Threat AI: Enhanced Threat Intelligence for Proactive Defense
Contextual Understanding for Informed Decisions: Traditional CVSS scores provide a narrow view of threats. Rootshell tried to solve this problem
Safeguarding Against SMSishing Attacks: Best Practices for Protection
Author: Shaun Peapell, VP of Global Threat Services As a mature Red Team and Simulated Attack house, we often look
Rootshell Successfully Renews FSQS Accreditation
FSQS Registration Renewal We are proud to announce that we have just successfully renewed our registration within the Financial Supplier
Hunting For Vulnerabilities: A Technical Journey & Analysis of Wireless Burglar Alarms
Author: Shaun Peapell (VP of Global Threat Services) Throughout my career, I’ve dabbled with wireless burglar alarm systems, which led
Breaking the Barrier: An Exploration of Physical Door Attacks
Author: Shaun Peapell (VP of Global Threat Services) During this year’s InfoSecurity Show, our team at Rootshell devised an engaging
Surfing and Security: The Challenge of Keeping Your Van Safe
Author: Paul Cronin (Partner and Co-Founder) Anyone who knows me knows that when I’m not involved in IT security, I’m
Rootshell Platform – Patch Notes June 23
June 2023 Application Features Automatic Dynamic Remediation – Rootshell now supports a fully automated end-to-end vulnerability management solution with the ability
Auto-Dynamic Remediation Makes Rootshell Fully-Automated Vulnerability Management Platform
June 2023 Release Rootshell Platform’s June release completes our journey to full automation of vulnerability management; adding the ability to
Automate Based on Business Context with Rootshell’s Powerful Automation Centre
Automate Based on Business Context CVSS scores only tell part of the story of an issue’s severity. Without contextualizing vulnerabilities
Rootshell’s RedForce Team Discover Exploitable Vulnerability in Microsoft OneNote
CVE-2023-33140. Rootshell RedForce testing team has been credited with the discovery of an exploitable hash stealing vulnerability in Microsoft OneNote.
Rootshell Platform – Patch Notes April 23
April 2023 Application Features New Features Automation Centre – Rootshell now supports the creation of automated processes to greatly assist users
Rootshell’s Automation Center Ensures You Never Miss a Critical Issue Again
Never Miss a Priority Issue Again Rootshell Platform’s Automation Center enables teams to create a range of automation rules that
Rootshell Research Team Discover Zemana Antilogger Security Flaws
Previously… Previously, the Rootshell security team discovered several flaws in Data Encryption Systems DESkey hardware kernel drivers. A further issue affects
Rootshell Platform – Patch Notes February
February 2023 New Features New Level 2 Integration | SentinelOne – Rootshell now supports the uploading and parsing of a csv
The Technology Behind Highly Effective Vulnerability Management Programs
Part of our three part series In our three part series on what makes an effective vulnerability management program, we
AI in Software Development: Gimmick or Gamechanger?
Author: Liam Hackett, Head of Development AI is the buzzword of the decade. The most downloaded app on IOS and
What Makes a Successful Vulnerability Management Team?
No one-size-fits-all solutions here! As is the case for any high performing team, the talent and experience of your personnel
The Processes Behind a Highly Effective Vulnerability Management Program
Vulnerability Management Program In its simplest form, a vulnerability management program will consist of running scans, distributing results, and remediating
GIFShell: Beware of Malware!
Author: Liam Romanis (Principal Security Consultant) In previous reports for customers whose Microsoft 365 (M365) configurations have allowed Gifs and
MS12-020: The Case of the Harmful Copy and Paste
Remote Desktop protocol implementation in Microsoft Windows. 2012 saw a spate of vulnerabilities in the Remote Desktop protocol implementation in
The Fortinet FortiClient VPN Bug That Isn’t
Once upon a time… …vendors would be grateful for bug hunters reporting flaws in their software so they could fix
Rootshell Discovered a Critical Vulnerability in Top WordPress Theme
The Rootshell team discovered a critical vulnerability within Avada, the number one best-selling theme on WordPress. Rootshell Security Consultant, Calum
Rootshell Discover An Arbitrary Code Execution Flaw In DESkey’s Devices
The issue affects drivers associated with the DK[23]USB/B and DK[23]USB/D devices, and potentially others. Rootshell’s Research and Development team have
How Rootshell Platform is Helping Address the Log4j Vulnerability
Log4j vulnerability (CVE-2021-44228). Rootshell Platform is helping clients identify and address systems affected by the Log4j vulnerability (CVE-2021-44228). Log4j is a
Hacking a Tesla and Honda with Radio Frequency Manipulation
Author: Paul Cronin (Partner and Co-Founder) Software Defined Radio (SDR) is not a new subject, however the release of the Flipper
Rootshell Discover More Flaws in NetLib Security’s Encryption Products
Update: NetLib have released a patch for the NetLib Encryptionizer Platform. Update: NetLib have released a patch for the NetLib
3 Simple Cyber Security Tips That Everyone Should Implement
Cyber Security Tips As part of Cyber Security Awareness Month, Rootshell’s VP of Threat Services, Shaun Peapell, is sharing actionable cyber
Rootshell Discover a Denial of Service Flaw in NetLib Security’s Encryptionizer Platform
Update: NetLib have released a patch for the NetLib Encryptionizer Platform. Update: NetLib have released a patch for the NetLib
Web Application Security Testing Debunked
Debunking: Automated or Manual? Web applications are popular targets for threat actors; vulnerable applications can offer convenient entry points into
Apple Vulnerability That Was Solved By A Bug
Programmers must display absolute accuracy Recently, we spoke about the difficulty of kernel programming; programmers must display absolute accuracy, as a
Kernel Developers Be Warned!
Not Reading The Documentation Leads To Invalid Patches Kernel programming and driver development are notoriously hard, the primary reason being
Rootshell Discover a Second Remotely Exploitable Bug
Our Team have discovered a second flaw within miniDLNA; a server software that exchanges media files, such as music, images,
SMiShing Attacks: Could this Royal Mail Spoof have Fooled You?
A member of our leadership team received a SMiShing (SMS Phishing) message that appeared to be from the Royal Mail,
How to Prepare for Cyber Essentials PLUS
What is Cyber Essentials Plus? Cyber Essentials PLUS is a UK government-backed certification designed to help protect organizations from common cyber attacks. The assessment provides
Rootshell Discover a Denial of Service Flaw
The Rootshell Security team have discovered a flaw in Dekart Private Disk; a hard disk encryption software for Windows sold
Rootshell Discover KeyScrambler Security Flaw
The Rootshell team have discovered a security issue in KeyScrambler, an anti-keylogger owned by QFX Software, which could enable hackers
Rootshell Discover Remote Heap Corruption Bug
Our Team have discovered a Remote Heap Corruption Bug within miniDLNA and Develop Proof of Concept Exploit The Rootshell Security team have discovered a bug
How Remediation Platforms Are Reinventing Data Handling
Say goodbye to PDFs It’s likely that data guides nearly every decision of your vulnerability remediation process, yet managing it is
6 Ways to Improve your Vulnerability Remediation Process
Six ways you can improve your vulnerability remediation process, including how the Rootshell Platform can help. Managing the remediation of
Working Exploit for the Windows DNS Vulnerability
Rootshell Security Research and Development Lead, Dr. Neil Kettle, writes working exploit for Windows DNS vulnerability … and no, you
ntlm_theft: A Tool For File Based Forced ntlm Hash Disclosure
How to use .Net native tools to run custom binaries Jacob Wilkin | Senior Security Consultant | Rootshell Security Note:
Is Data Backup Cybersecurity?
Does backing up your data really count? There seem to be a growing number of data backup services advertising themselves
Application Whitelisting Bypass Using .Net
How to use .Net native tools to run custom binaries Rafael Gil | Senior Penetration Tester | Rootshell Security Windows
UK Government Suspends Cyber Security Requirements for Suppliers
2020 COVID-19 Impact Shaun Peapell | Vice President, Threat Services | Rootshell Security The necessary restrictions on physical movement caused