Pulse Security is a specialist information security consultancy.
We're here to help your business stay protected from adversaries.
We look at your business like your real adversaries would. They won't go easy and we won't either.
We go beyond just using automated tools, instead using skills and techniques that real adversaries do.
We provide unbiased, independent advice. There is no upsell.
We're focused on offensive security, including dedicated research days to continually develop our skills.
All engagements follow our comprehensive technical methodologies and quality assurance process.
Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.
Complementing our Penetration Testing we also perform network architecture and application review services. Helping your business achieve best practice design and secure-by-default approaches to your infrastructure.
For when things go wrong, our experienced and qualified team will help with getting you back on track. The time immediately after a security incident is make or break, and the right choices are critical.
This article explains a technique we discovered for bypassing a web application firewall or blacklist to trigger an expression language injection and get remote code execution, without being able to pass certain strings.
2019 was a big year for us at Pulse. We found a lot of bugs, compromised a lot of boxes and wrote a lot of reports. This post will provide an overview of three generic things that made our lives as attackers difficult last year. We’ll cover strong password policies, multi-factor authentication and a surprisingly effective phishing control. This post explains how these security controls made a few of our engagements harder for us.
By default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive. This post will look at extracting the clear-text key from a TPM chip by sniffing the LPC bus, either with a logic analyzer or a cheap FPGA board. This post demonstrates the attack against an HP laptop logic board using a TPM1.2 chip and a Surface Pro 3 using a TPM2.0 chip. From bus wiring through to volume decryption. Source code included.
Interested in working with us?
+64 4 889 4756
info at pulsesecurity.co.nz