Security Best Practice
Library.
Free.
CVE advisories, incident response case studies, and hardening guides written by CREST-certified analysts. Covering penetration testing, SOC operations, M365 hardening, and threat intelligence.
Cyber Security Glossary
The definitive reference for 40+ key cyber security terms, from penetration testing and red team operations to SIEM, MITRE ATT&CK, compliance frameworks, and threat intelligence. Written by CREST-certified experts.
Terms covered
Coverage
40+
Security terms defined
Threat Intelligence
CVE advisories, active exploits, and attacker TTP analysis from the Precursor SOC.
Belsen Group Leaks 15,000+ FortiGate Credentials
Precursor observed a hacking group sharing over 15,000 FortiGate credentials following a historic mass exploitation campaign. Here is what to do now.
VMware ESXi Exploited by Ransomware Actors (CVE-2024-37085)
Microsoft Research revealed a vulnerability allowing malicious actors to obtain administrative control over VMware ESXi and deploy ransomware.
SEO Poisoning Delivering MSIX Installer Malware
Precursor SOC tracks threat actors abusing SEO search terms to trick users into installing malware via signed MSIX packages.
WooCommerce Subscriptions Persistent XSS (CVE-2019-18834)
A persistent XSS vulnerability in WooCommerce Subscriptions allowed unauthenticated users to execute scripts in the WordPress admin panel.
MITRE ATT&CK v15 Released
MITRE releases ATT&CK v15 with a key focus on detection engineering, visibility improvements, and expanded ICS coverage.
How-To Guides
Technical hardening guides, configuration walkthroughs, and security checklists.
A Guide to CREST Penetration Testing
What CREST accreditation means, certification levels (CPSA, CRT, CCT), when it is required, costs, and how to choose a CREST-accredited provider.
Row-Level Recklessness: Testing Supabase Security
Common security pitfalls in Supabase apps, from MFA bypasses to misconfigured RLS policies, with practical testing guidance.
7 Steps to Secure Your Microsoft 365 Environment
Microsoft 365 handles business-critical operations for organisations of every size. Seven key steps to lock down your tenant effectively.
Managing Exposure to Malicious Browser Extensions
51% of installed browser extensions are high risk. How Microsoft Defender XDR, Sentinel, and CrowdStrike can detect and contain them.
Vulnerability Assessment vs Penetration Testing: What's the Difference?
A vulnerability assessment identifies known weaknesses at scale. A penetration test proves what an attacker can exploit. Most organisations need both.
Internal vs External Penetration Testing: Which Does Your Organisation Need?
Internal pentesting simulates an attacker inside your network. External pentesting targets internet-facing assets. PCI DSS 4.0 requires both annually.
Beginner's Guide to Vulnerability Triage
An actionable guide to triaging and prioritising vulnerabilities using CVSS, EPSS, CISA KEV catalog, and compensating controls.
How to Secure Microsoft Office Desktop Deployments
Despite the push to cloud, Office desktop apps remain widely deployed. Technical guide to hardening Word, Excel, and PowerPoint.
Vulnerability Remediation: Don't Forget Regression Testing
Why regression test coverage is essential after patching vulnerabilities, and how to build it into your remediation workflow.
Vendor Onboarding Security: How to Vet New Suppliers
35.5% of breaches originate from third parties. A practical guide to tiered vendor risk assessment, the 10 security questions to ask every supplier, and contractual safeguards.
API vs Web Application Penetration Testing: When You Need Both
The difference between API and web application penetration testing, what each covers, and why best practice is to test both together when a front end communicates with a backend API.
OWASP Top 10: What a Penetration Tester Actually Looks For
How CREST penetration testers test each OWASP Top 10 2025 category. The scanner vs tester detection matrix, real testing techniques, and what the Top 10 misses.
SQL Injection Explained: How Testers Find It and How Developers Prevent It
What SQL injection is, the types penetration testers look for, vulnerable vs secure code patterns, and why it remains in the top 3 findings in web application assessments.
Cross-Site Scripting (XSS): Types, Examples, and How to Prevent It
Reflected, stored, and DOM-based XSS explained with real payload examples. How testers find XSS, why CSP alone is not enough, and the defence-in-depth prevention stack.
WAF Bypass: Why a Web Application Firewall Alone Will Not Protect You
What a WAF blocks, what passes through (IDOR, business logic, JWT manipulation), and the encoding techniques attackers use to bypass WAF rulesets.
Business Logic Vulnerabilities: What Automated Scanners Miss
IDOR, privilege escalation, payment manipulation, workflow bypass, and race conditions. The vulnerability classes that only manual penetration testing finds.
SAST vs DAST vs Penetration Testing: Which Does Your Web Application Need?
The differences between SAST, DAST, SCA, and manual penetration testing. When to use each, what they find, and why the full stack matters at every maturity level.
SOC & Incident Response
SOC operations, MDR capabilities, and real-world incident response from the Precursor team.
Preventing Direct Send Phishing in M365
Precursor's SOC observed attackers exploiting Microsoft 365's Direct Send feature to send convincing phishing emails from trusted internal domains.
Understanding Managed Detection and Response
50% of UK businesses experienced a cyber breach in the last 12 months. How MDR improves detection, security posture, and cyber insurability.
Incident Response in Citrix Environments
SOC Lead analysis of the ransomware landscape targeting Citrix environments, and the incident response playbook for containment.
Compliance
Frameworks, certifications, and regulatory guidance for UK organisations.
What Cyber Insurance Actually Covers in 2026 (and the Exclusions Nobody Reads Until It Is Too Late)
First-party losses, third-party liability, incident response services, and the exclusion categories that catch UK buyers out at claim time. Coverage matrix, 8-point checklist, and FAQ.
What the UK Cyber Security and Resilience Bill Means for Your Business
The CSRB introduces 24-hour incident reporting, penalties up to £17M or 4% of turnover, and brings managed service providers into regulatory scope for the first time.
Cyber Essentials vs Cyber Essentials Plus: Which Level Do You Need?
Side-by-side comparison of costs, assessment process, pass rates, and which UK government contracts require each certification level.
Cyber Essentials: The Essential Guide
Full breakdown of all five Cyber Essentials controls, scope definition, and the recent requirement updates that affect certification.
Beginner's Guide to the NHS DSP Toolkit
NHS DSP Toolkit overview, Standard 9 deep-dive, evidence requirements, and submission guidance for NHS and healthcare organisations.
Strategic & CISO
Board-level guidance, M&A cyber due diligence, and strategic security thinking for senior leaders.
Cyber Security Due Diligence in M&A: Why Penetration Testing Can Save You Millions
Cyber due diligence goes beyond questionnaires. Learn why penetration testing, compromise assessments, and vulnerability scanning are essential before closing an acquisition.
Post-Merger IT Security: How to Secure Two Environments After an Acquisition
Network isolation, compromise assessments, asset inventory, and EDR deployment. A structured guide to securing IT after an acquisition or merger.
AI for Security: From Copilots to Agents
Deep dive into the transformative role of AI in Security Operations, from LLM copilots to fully agentic automated SOC workflows.
Cyber Insurance and MSSPs: Working Together
How cyber insurers and managed security providers increasingly collaborate on risk assessment, underwriting, and incident response.
Cyber Security in M&A and Investments
Cyber due diligence for M&A and SaaS investment: how to identify inherited technical debt and security risk before the deal closes.
Communicating Cyber Security Risk to the Board
Ten practical tips for senior security leaders communicating risk, investment cases, and incident status to boards and executives.
Why Law Firms Are Attractive Targets for Cyber Criminals
The legal sector handles sensitive data and large client funds, making it a prime target. What to do about it.
Company News
Accreditations, framework placements, and Precursor Security milestones.
Precursor Joins the Shadowserver Alliance
Daily KEV feeds and global honeypot telemetry now flow into Precursor's SOC, pentest, and Intelligence platform, putting defenders ahead of the public KEV list.
Precursor Achieves CREST SOC Accreditation
The Precursor SOC achieved CREST accreditation, independently validating our commitment to delivering the highest quality MDR services.
Precursor Awarded Position on CCS G-Cloud 14
Precursor Security accepted onto the Crown Commercial Service G-Cloud 14 framework, enabling direct procurement by UK public sector bodies.
About the Intelligence Library
How often does Precursor Security publish new content?
New security advisories, CVE analysis, and threat intelligence pieces are published as events warrant, typically multiple times per month. Longer-form guides, incident response case studies, and CISO-level articles are published on an ongoing basis by our analyst team.
Are all guides and resources free to access?
Yes. Every article, guide, checklist, and template in this library is free to access without registration. Some resources (such as the Cyber Essentials Template Pack) include free downloadable assets available via our contact page.
Who writes Precursor Security's content?
Content is written by our CREST-certified security analysts, penetration testers, and SOC engineers. Technical research pieces include named authors. All content reflects live operational experience from active penetration testing and SOC engagements.
How do I receive new security advisories and articles?
Subscribe to our security newsletter via our contact page to receive CVE alerts and new article notifications. You can also follow Precursor Security on LinkedIn for real-time threat intelligence updates and new article announcements.
Weekly Vulnerability
Roundup
Critical CVEs, security patches, active exploitation trends, and prioritised remediation guidance delivered every Monday morning by CREST-certified analysts. Free for security teams, IT managers, and CISOs.
Subscribe, it's free
Already running
2+ years