Pulse Security is a specialist information security consultancy.
We're here to help your business stay protected from adversaries.
We look at your business like your real adversaries would. They won't go easy and we won't either.
We go beyond just using automated tools, instead using skills and techniques that real adversaries do.
We help you prepare and respond to cyber security incidents.
We're focused on offensive security, including dedicated research days to continually develop our skills.
All engagements follow our comprehensive technical methodologies and quality assurance process.
Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.
Complementing our Penetration Testing we also perform network architecture and application review services. Helping your business achieve best practice design and secure-by-default approaches to your infrastructure.
For when things go wrong, our experienced and qualified team will help with getting you back on track.
Network pivoting is a fancy name we use to describe sending network traffic via one or more hosts that we’ve compromised. It lets us get behind firewalls, access more stuff and is an essential component of serious malware. This is the story of a highly portable network pivot I created. It’s based on (more or less) stealing code from some malware I reverse engineered as part of an incident response engagement.
Penetration testing and vulnerability research are not the same thing. At Pulse Security, we’ve taken a different approach to certain penetration and security testing engagements. We’ve begun using a vulnerability-research based approach where we collaborate directly with client staff to understand and assess complex or heavily integrated systems. We’re calling it our “hybrid security assessment” service which can include aspects of threat modelling, attacker analysis, network testing, architecture review, application testing, reverse engineering, source code review, and more, as needed to fully understand and assess the security of large and complicated systems.
Multiple vulnerabilities were discovered within GoCD. These issues allowed for retrieval of the master secret key from a compromised agent, impersonation of arbitrary agents and remote code execution through deserialization. All vulnerabilities in this advisory are presented from the perspective of an attacker who has either compromised an existing GoCD agent (or its network traffic) or has access to view the GoCD configuration XML (either through the web ui or via a configuration backup).
read moreHow can we help?
+64 4 889 4756
info at pulsesecurity.co.nz