Sam Shute

Director (Offensive Security Services)
As a Technical Director at Bastion Security, Sam has a wide range of experience, from teaching students to practical exploitation, and research.
Talk to an expert
Highlights

Career highlights

Currently Sam's areas of focus include Red Teaming, Hardware Hacking, and Biometrics. During his time at Bastion Security (and previously Quantum Security) Sam has enjoyed compromising the networks of most major banks, government departments, and infrastructure providers in the country.

Cyber security news

Latest advisories

Stay ahead of emerging threats with our expert blog posts, research, and industry updates.
Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server - (CVE-2026-12620)
During a security engagement, Leo Diamat discovered that the GridTime 3000 GNSS Time Server web application transmitted session access tokens via URL query string parameters on multiple endpoints.
Cross-Site Scripting (XSS) Vulnerability on Several Endpoints by Utilising Cross-Site Request Forgery (CSRF) in GridTime™ 3000 GNSS Time Server - (CVE-2026-12619)
During a security engagement, Leo Diamat discovered that multiple endpoints in the GridTime 3000 GNSS Time Server web application were vulnerable to reflected Cross-Site Scripting (XSS) via an unsanitised token parameter.
PHP-FPM (PHP Source) - Stored Cross-Site Scripting (XSS) (CVE-2026-6735)
During a security engagement, Conrad Draper discovered a stored XSS vulnerability in the PHP-FPM status endpoint which was due to a lack of input sanitisation of the request URI. This affects the request URI when displaying stored content.
Discover our services

We have the tools to pinpoint risks

Whether it’s hidden vulnerabilities or patterns you might miss, we help you stay one step ahead and make confident, informed decisions. Understand how our services can help your business uncover critical risks

Talk to an expert
Employee Cyber Training & Awareness
Your people are your first line of defence. Our cyber training builds awareness and sharpens their instincts.
Advisory
When clarity is critical and stakes are high, our advisory services deliver strategic, executive-level security expertise that empowers decision-making.