Real World Testing

We look at your business like your real adversaries would. They won't go easy and we won't either.

Penetration Testing

Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.

  • Red Team Engagements
  • Web Application and API
  • External, Internal, and Wireless Networks
  • Host and SOE
  • Cloud Environments
  • Mobile Applications
  • Bespoke Systems and Applications

Security Review

Complementing our Penetration Testing we also perform network architecture and application review services. Helping your business achieve best practice design and secure-by-default approaches to your infrastructure.

  • Network Architecture Review
  • Application Architecture Review
  • Source Code Review

Security Incidents

For when things go wrong, our experienced and qualified team will help with getting you back on track. The time immediately after a security incident is make or break, and the right choices are critical.

  • Incident Response
  • Forensic Investigations (GIAC Certified Forensic Analysts)

Featured Releases

Office 365 Audit Logging and Email scams

We’re coming across more and more instances of Office 365 accounts with suspicious activity. Unfortunately the logging defaults in Office 365 are unsatisfactory and a little additional configuration is required to improve the effectiveness of the logging, especially in regards to user activity.


Microsoft DirectX Memory Corruption (CVE-2018-8563)

A memory corruption vulnerability exists in Microsoft DirectX. The corruption happens as a result of the incorrect handling of text, while running CSS tranformations, resulting in an out-of-bounds-read. It is possible to trigger this vulnerability remotely via Internet Explorer. An attacker can use this vulnerability to disclose memory of a victim’s machine. Generally, such vulnerability is chained with a Remote Code Execution vulnerability and used to bypass common defenses.

read more

Adventures with the Ducati CAN bus

In this article I’ll be taking a look at the CAN bus network in a 2009 Ducati 848. How to find the bus, confirm the high and low lines with a scope and analyse messages with a Linux box and socket-CAN. The aim of the game is to identify a way to get onto the bus, and then analyse the messages going across the bus. We’ll end up figuring out how to log the throttle position and RPM data, how the immobilizer is implemented and how to bypass it.

Get in touch

Interested in working with us?

+64 4 889 4756