Real World Testing

We look at your business like your real adversaries would. They won't go easy and we won't either.

Penetration Testing

Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.

  • Red Team Engagements
  • Web Application and API
  • External, Internal, and Wireless Networks
  • Host and SOE
  • Cloud Environments
  • Mobile Applications
  • Bespoke Systems and Applications

Security Review

Complementing our Penetration Testing we also perform network architecture and application review services. Helping your business achieve best practice design and secure-by-default approaches to your infrastructure.

  • Network Architecture Review
  • Application Architecture Review
  • Source Code Review

Security Incidents

For when things go wrong, our experienced and qualified team will help with getting you back on track. The time immediately after a security incident is make or break, and the right choices are critical.

  • Incident Response
  • Forensic Investigations (GIAC Certified Forensic Analysts)

Featured Releases

Advisory

Kanboard 1.2.7 Multiple Vulnerabilities

by Will Boucher • Feb 11 2019

Kanboard 1.2.7 contains multiple vulnerabilities. The vulnerabilities include CSV account import cross site request forgery which allows an unauthenticated attacker to create a new administrative user. Cross site request forgery 2FA deactivation, allowing an unauthenticated attacker to disable an account’s 2FA configuration. A lack of integrity checking or transport layer encryption enforced on plugins enables remote code execution by a malicious admin. Other vulnerabilities include: session privilege retention, 2FA bypass, database user_id and pre-2FA information disclosure.

read more
Advisory

Go-pandoc - LUA filter remote code execution

by Denis Andzakovic • Jan 29 2019

Go-pandoc is vulnerable to remote code execution through a user included LUA filter. An attacker can upload a LUA file to a known location on the file system due to a predictable temporary directory being used when handling certain file type includes. The uploaded LUA file can then be used as a filter in a subsequent request, allowing for the execution of arbitrary LUA code.

read more
Article

Office 365 Audit Logging and Email scams

by Rob Armstrong • Nov 30 2018

We’re coming across more and more instances of Office 365 accounts with suspicious activity. Unfortunately the logging defaults in Office 365 are unsatisfactory and a little additional configuration is required to improve the effectiveness of the logging, especially in regards to user activity.

Get in touch

Interested in working with us?

+64 4 889 4756