Cyber threats are continuing to evolve, grow in sophistication and be more pervasive, causing traditional security measures to be no longer sufficient. This inadequacy has paved the way for the adoption of Zero Trust security strategies, a paradigm shift in how security is approached and implemented within organisations. Organisational adoption of Zero Trust security frameworks… Continue reading Embracing Zero Trust Security: A Strategic Imperative for Modern Businesses

Stealer malware, or information-stealing malware, is a type of malicious software designed to gather sensitive information typically targeting personal, financial, or business-related data. The data collected could include passwords, financial information, corporate data, and personal identification details. Once installed, this malware operates discreetly, often without triggering any noticeable alarms, making it particularly dangerous. The functionality… Continue reading The Rise of Info Stealer Malware: A Growing Threat to Businesses

Those who use the different AI support technology available, are seeing a trend, that the results, generally speaking, produced by the tools are getting better every month. There is still the old computing issue of garbage in, garbage out, but as we learn to better seed the bots and the bots learn what data we… Continue reading Will AI Kill the Pen Testing Star

In the era of rapid technological advancement, the proliferation of AI platforms is revolutionising the way we interact with digital information, enhancing productivity, and streamlining decision-making processes. However, this same technology, designed to simplify and enrich our lives, is being weaponized by hackers and bad actors. These individuals exploit the capabilities of AI to orchestrate… Continue reading How AI is Impacting Cybersecurity and Penetration Testing

In the digital era, cybersecurity breaches are a critical concern globally, and Australia is no exception. With the increasing dependency on digital platforms, Australian businesses face significant challenges in safeguarding data. The Office of the Australian Information Commissioner (OAIC) plays a pivotal role in monitoring these breaches, providing valuable insights into the cybersecurity landscape in… Continue reading The Impact of Cybersecurity Breaches on Australian Businesses in 2023

Penetration testing – or pen-testing as we colloquially call it – is a crucial component to a robust security programme in any organisation. As management, it’s critical you understand where pen-testing fits into your programme and what it can do for your organisation. Equally important is what it can’t do, and how the different “flavours”… Continue reading Black Box Penetration Testing

AWS is an incredibly powerful cloud platform that enables businesses to quickly and efficiently deploy a wide range of software and services to end users.  This feature-rich environment does of course increase the attack surface that bad actors have to exploit, especially when combined with lax configurations and poorly designed APIs. In this blog post,… Continue reading When it all goes wrong on AWS – how an SSRF can lead to full control of your EC2 infrastructure

Using the tool Zeek, formally known as bro, is a high-level packet analysis program. It originally began development in the 1990s and has a long history. It does not directly intercept or modify traffic, rather it passively observes it and creates high-level network logs. It can be used in conjunction with a SIEM to allow… Continue reading Using Zeek to detect exploitation of Citrix CVE-2019-19781

This post explores how an ASP.NET project incorrectly disclosing its web.config containing static keys allows for remote code execution. The common cases for exploiting this vulnerability would be if the web application has published it’s static machine keys to GitHub, such as with the example project for this post (https://github.com/ozajay0207/EGVC) or if the application has… Continue reading Exploiting ASP.NET ViewState Misconfigurations for Remote Code Execution