Penetration Testing

Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.

  • Security Research as a Service
  • Red Teaming and Attacker Emulation
  • Web Application and API
  • External, Internal, and Wireless Networks
  • Host and SOE
  • Cloud Environments
  • Mobile Applications
  • Bespoke Systems and Applications

Security Review

Complementing our Penetration Testing we also perform network architecture and application review services. Helping your business achieve best practice design and secure-by-default approaches to your infrastructure.

  • Network Architecture Review
  • Application Architecture Review
  • Source Code Review
  • DevOps Review
  • General Security Consultancy

Incident Response

For when things go wrong, our experienced and qualified team will help with getting you back on track.

  • Incident Response Preparedness
  • Incident Management and Leadership
  • Forensic Investigations (GIAC Certified Forensic Analysts)
  • Malware Analysis

Featured Releases

Article

Tales From The Crypt: Microsoft Unicode Collation Oddities Leading to Software Vulnerabilities

by Denis Andzakovic • Nov 29 2024

A goblin emoji and an empty string are the same thing, according to Microsoft SQL Server. The issue here is that almost every application language tends to disagree. This can lead to one of my favourite kinds of security issue ever – a whacky processing logic inconsistency between two systems leading to a vulnerability. The bickering-couple of AppSec. This is an article about one such condition, which causes a potential issue for any application using MSSQL as a back-end database. Let’s dive in!

Article

Noot - Encrypted resumable ICMP exfiltration

by Rob Armstrong • Aug 4 2024

Noot: a pair of PowerShell scripts for transferring files using ICMP (ping). Complete with encryption, partial transfer resume, and big (1GB+) file support.

Article

A hex editor and nothing to lose - Binary patching Golang to fix net/http

by Denis Andzakovic • Jul 23 2024

This article is going to look at patching Golang code at the assembly level to modify some behaviour in the net/http standard library. The Golang maintainers aren’t super interested in changing this bit of behavior, so lets fix it ourselves!

Get in touch

How can we help?

+64 4 889 4756