Cyberis Blog

Reassuringly clear thinking.

  • Penetration testing
  • Research
  • Tools and techniques

Keeping the Consultant in the Loop: How AI Supports Our Security Testing Strategy

Artificial intelligence is rapidly changing the security testing landscape, but effective penetration testing still depends on experienced consultants exercising judgement, creativity, and accountability. In this blog, we explain how Cyberis is using AI to accelerate analysis, improve efficiency, and support consultants during engagements, while ensuring that every finding remains validated and consultant-led. We also explore the risks, limitations, and security considerations around AI usage, including data handling, model deployment, and why human expertise remains critical when assessing real-world business risk.

Read more
  • Penetration testing
  • Research
  • Tools and techniques

When project files become instructions: AI agents, CI pipelines and the new attack surface

AI agents now read repository files, skills, plugins and CI context as part of normal operation, which creates new attack paths across local development and automated workflows. This blog explains how those instruction channels work, why they matter from a security perspective, and what organisations should do to manage the risk before unsafe patterns become normalised.

Read more
  • News
  • Penetration testing
  • Red teaming
  • Research
  • Tools and techniques

One Identity Secure Password Extension Privilege Escalation (CVE-2025-27582)

Cyberis has discovered a local privilege escalation (LPE) vulnerability - CVE-2025-27582 - in One Identity Secure Password Extension x64 v5.14.3.1, a component of One Identity Password Manager. By abusing the Password Self-Service feature available on the Windows lock screen, an attacker can bypass security restrictions, launch a SYSTEM-privileged print dialog, and ultimately gain a SYSTEM shell. This vulnerability requires only local access and is trivially exploitable in environments where this software is deployed. An attacker can escalate to SYSTEM directly from the logon screen—without requiring valid credentials.

Read more
  • Detect and respond
  • Red teaming
  • Research

Microsoft Bookings – Facilitating Impersonation

Microsoft Bookings introduces a significant security risk by allowing end users to create fully functional Entra accounts without administrative oversight. These accounts, tied to shared Booking pages, can be exploited for impersonation, phishing, and email hijacking. Attackers could leverage this functionality to bypass security measures, gain unauthorised access to sensitive resources, and facilitate lateral movement within an organisation. Our blog explores these weaknesses in detail and provides recommendations for detection and mitigation.

Read more
  • Penetration testing
  • Research
  • Tools and techniques

Bypassing IP based brute force protection with IPv6

Brute-force protections – designed to protect against attacks like password guessing – need to be carefully pitched and have associated pros and cons. Many popular protections these days rely upon monitoring and blocking malicious activity based on source IP address. In this blog post, we explore using IPv6 temporary addressing to bypass IP based brute-force protection.

Read more
  • Cloud risk management
  • Research
  • Tools and techniques

Intune hacking: when is a "wipe" not a wipe

In this blog post we explore privilege escalation to SYSTEM with Intune managed devices, and how an Intune "Wipe" is not really a wipe at all.

Read more
  • Research

CVE-2021-20047: DLL Search Order Hijacking Vulnerability

When looking for methods of execution in controlled environments, software components are an essential area of review. With the implementation of controls such as AppLocker, running arbitrary executables becomes more difficult. In most environments we test, AppLocker is now a common configuration implementation which serves to reduce the attack surface by defining the permitted locations an executable is allowed to run from.

Read more
  • Research

Let's Talk Quantum Cryptography Pt 2

When testing these types of systems, vulnerabilities can be broken down into two broad classes: Inherent flaws – These occur when an assumption made during the creation of a protocol doesn’t hold to be true, a new mathematical technique for example may break the security of the protocol. An example of a protocol with inherent flaws would be SSLv3. Implementation flaws – These occur because physical systems aren’t perfect, nor is our adaptation of theoretical principles to physical mediums. Where these imperfections exist so does the potential for exploitation. Today we’ll be looking at some implementation flaws, but to begin let’s have a think about the set-up Alice and Bob will need to carry out the steps of the BB84 protocol.

Read more

Improve your security

Our experienced team will identify and address your most critical information security concerns.

Contact us About Cyberis