Security Testing and Assurance
Industry contributions
CyberCX’s Security Testing and Assurance team are dedicated to leading the global market in innovative security testing and assurance, while nurturing the industry’s most skilled consultants to secure our communities.
Events
- November 2024
  - KS Lam | AISA Melbourne
    How safe is safe? Exploiting the vitality of physical security in an ever-evolving world and its parallels to cyber security.
  - Carter Smith | AISA Melbourne
    What you don’t know can hurt you
  - Jorel Paddick | Guest Lecturer at Curtin University
    Behind the Firewall
  - Dr Joel Panther | BSides Gold Coast
    ‘Stop spying on me!’ Blocking adversarial DNS requests
  - Jacob Larsen | BSides Melbourne
    Crabby’s Credential Stuffing: How the new wave of Australian fraudsters are targeting you
- October 2024
  - Liam O’Shannessy | SXSW
    From Panic to Poise – dealing with breaches
- September 2024
  - BSides Canberra
    - Ayman Sagy | Presentation
      V8 Internals
    - Shain Lakin | Presentation
      Modernising Long Range RFID Hacking
    - David De Lille | Winner of the lock picking competition
- August 2024
  - 60 Minutes
    Scam HQ
  - Jacob Larsen | Black Hat USA | Las Vegas
    From Doxing to Doorstep: Exposing Privacy Intrusion Techniques used by Hackers for Extortion
  - The Register
    Mega money, unfathomable violence pervade thriving underground doxxing scene
  - Hunted TV Series
    Season 3
- February 2024
  - Willem Mouton | Webinar
    Get CORIE Ready
- December 2023
  - Willem Mouton | Webinar
    Purple Teaming – Kicking your cyber defence tyres
- August 2023
  - Vikki Grouios | Girls Talk Cyber Podcast
    Ethical Hacking and Offensive Security
- July 2023
  - Raafey Khan | OWASP Day NZ
    OWASP Projects and Tools to Secure Your SDLC
  - Fadzayi Moyo | Australian Cyber Con
    The ‘A’ in Application Security is for Agile
  - Raafey Khan | Webinar
    Develop Fast & Stay Secure: Embedding security in the development lifecycle
  - Hunted TV Series
    Season 2
  - 60 Minutes
    Scamdemic
- February 2023
  - SBS Insight
    Identity Crime
- July 2022
  - Hunted TV Series
    Season 1
Training
Shofe Miraz
Organisation and coordination for Hack and Learn monthly InfoSec meetup
David Sowerbutts, KS Lam, Liam O’Brien, Fletcher Creed
Facilitated the Lockpicking Village at CrikeyCon
Blogs
- Insights from 100 Purple Teams
- How do you protect yourself against doxing?
- Zero Day Remote Code Execution in Netcomm NL1901ACV VDSL Modem
- Beautifying Snaffler
- Voices of deception: Exploring the ease of account takeover through vishing
- Beyond spreadsheets and sticky notes
- Colour me purple
- Introduction to Cross-Site Leaks (XS-Leaks) – Attacks and Mitigations
- Flutter Restrictions Bypass
- Hardware Hacking to Bypass BIOS Passwords
- Fickle Multi-Factor Authentication in Microsoft 365
- Azure SSRF Metadata
Tools
PurpleOps →
An open-source self-hosted purple team management web application.
Efflanrs →
Turn your Snaffler output into a nice searchable and sortable interface.
Email Spoof Check →
Audit your domain’s SPF and DMARC configuration.
Peep →
A tool designed to hook into Windows applications and output named (and anonymous?) pipe traffic.
Pipe Client Impersonation Server →
Creates a malicious named pipe server that impersonates connecting clients and executes arbitrary commands under their security context.
Jailbreak/Root Detection Bypass in Flutter →
Frida script designed to bypass security checks that are implemented using the IOSSecuritySuite module in iOS applications and RootBeer in Android applications.
Virtual Wireless Lab →
A series of different lab exercises that aim to teach the fundamentals of pentesting 802.11 networks.
Conditional Match and Replace →
A Burp extension allowing you to create match and replace operations that execute only when a condition is matched.
NSEC(3) Walker →
Automates extracting DNS zones akin to an AXFR zone transfer or a “zone dump”.