Last week @thekenmunroshow.bsky.social presented at the EEMUA Conference 2025, looking at cyber security challenges shared between maritime and industrial systems in his talk, "Marine cyber security – plain sailing or a rough passage?"

It’s always DNS, right? Except when it’s DNSSEC. An interesting issue with NSEC/NSEC3 records that can allow zone walking:

Speaking at the IATA WDS this afternoon: Securing legacy systems in aviation. There might be some floppy discs and old operating systems involved….

After finding Rockchip MCUs in multiple cheap phones targeted at kids, we realised the bootloader exploit isn’t that well documented. So here you go!

How do you pen test and assure the security of avionics and airborne systems in a certified, safety- critical environment? ED-203a is a great start: www.pentestpartners.com/security-blo...

Another bucket list item ticked - got to do the Airbus Hamburg factory tour. No photos allowed inside, so this is as good as it gets! Got to see lots of interesting systems and think more about ED-203a and airplane cyber

Testing OT is complex: go hard at live systems and you'll cause disastrous, terminal outages. If you don't, you will miss critical issues. There's a middle way: www.pentestpartners.com/security-blo...

We got curious about cheap, tiny phones promoted to children on social media, so we bought a few to see what’s inside... Read our blog on this here: www.pentestpartners.com/security-blo... #CyberSecurity #DigitalSafety

Maritime cybersecurity isn’t just for large fleets—small operators face risks too. Complying with security standards can feel daunting, but it’s important to protect your systems and data from attack. Read here: www.pentestpartners.com/security-blo...

Bodycams are a really interesting challenge for security - the need to preserve the evidence chain in a mobile device, yet also the need to protect the organisation using them.

🤦‍♂️ Malware artefacts and worse on phones marketed to children…

New career awaits: washing the PTP CAN hacking demo car for some TV filming today

Door access pass cloning is a real risk, but it doesn't have to be. Simple config changes can hugely reduce risk: www.pentestpartners.com/security-blo...

Secure boot ensures only authentic firmware can run on a device and should form part of a layered defence strategy. But is it enough to only have a secure boot on your main processor? What about sub-systems without secure boot capabilities? 🤔 www.pentestpartners.com/security-blo...

Incident preparation doesn't always have to be complex and technical. Sometimes the simplest things can make a big difference. Where do you keep your insurance documents, for example? Not much use if they are on a ransomed network share.... www.pentestpartners.com/security-blo...

Just occasionally, detail of hacks at ports emerge in legal documentation. Here's another one to add, showing the efforts that drug smugglers make to exploit shipping & port technology, together with coercion of the people involved: www.pentestpartners.com/security-blo...

I met Viktor at BSides Bristol, we had a chat after and he kindly invited me on his podcast. We covered lots of topics, but all areas I'm passionate about. Hope you enjoy it! vpetersson.com/podcast/S01E...

The shortage of rental property in the UK is creating opportunity for scammers to con desperate potential renters. We helped Channel 4 track them down for the UNTOLD series. @tbroberts02.bsky.social explains, with plenty of helpful advice: www.pentestpartners.com/security-blo...

Anyone here ever seen a used Catapult Vector receiver for sale? I’ve searched hard, but looks like only route is a $50k complete system purchase from them direct, new! Ideas welcomed, from an inquisitive Northampton Saints fan…