Securus Global is looking to expand its technical delivery team, so that as we grow, we can continue to deliver top-quality security assessments to our clients.
Location: Sydney or Melbourne CBD
Salary: Dependent upon experience.
Work Type: Full Time
The Penetration Tester is a hands-on technical role, primarily involving:
Performing penetration testing (web apps, networks, mobile apps, code reviews, you name it)
Reviewing other technical deliverables, such as penetration testing work and client reports
Presenting technical work to clients and being able to explain various security issues and why they’re important to both technical and non-technical audiences
Contributing to the development of internal tools and methodologies
By Julian Berton
Recently, I presented a lightning talk at Ruxcon 2014, on a cross-site scripting issue we discovered on a client engagement, and two interesting ways in which we could bypass the WAF present (as well as Firefox’s cross-site scripting filter).
The cross-site scripting issue we found was fairly standard at first, with an initial URI like the following:
This generates a page like the screenshot below, with the reference number pulled from a vulnerable parameter in a URI, with the “jquery.query.get()” function.
By Sebastien Macke
During penetration testing engagements, we often find ourselves on Windows systems, looking for account credentials. The purpose of this post is to walk through some techniques to gather credentials from Windows systems while being as non-intrusive as possible.
The core principles behind the techniques described in this post are:
Safety – Avoid causing any downtime, by using tools and techniques which are known to be safe, and will not render a system unstable.
Stealthiness – Avoid detection by using tools and techniques that will not trigger alerts. Refrain from uploading binaries, turning off the anti-virus, generating suspicious event logs, etc.
Efficiency – While Bernardo’s
attempts to cover many of the tools and techniques available for dumping credentials from a Windows host, this post focuses on the most practical way to get the job done.
The Australian government is taking steps to ensure personal information is securely stored in the cloud.
Announcing a new policy for the use of cloud computing, attorney general Mark Dreyfus and minister assisting for the digital economy Kate Lundy emphasised the need for privacy protection.
The London 2012 Olympic Games was at serious risk of a cyber attack, with organisers fearing that the opening ceremony could have been targeted.
Officials have revealed for the first time in an interview with BBC Radio 4 that real threats emerged ahead of the Games, as the whole country's infrastructure was put in jeopardy.
Retailers are likely to find themselves increasingly prone to cyber attacks, especially as their systems become more and more complex.
This is according to Abe Lietz, chief information officer and vice-president of information systems for Jenny Craig, who believes that retailers have so far been largely unaffected.
There is expected to be a considerable rise in Australian security budgets this year, increasing 12.2 per cent compared to 2012.
This is the prediction of Gartner research director Rob McMillan, who believes that budgets in Australia alone could be as high as $1.7 billion by the end of the year.
Cyber security is a growing problem across the world, with the UK intelligence agency GCHQ the latest to reveal the extent to which it is under attack.
Director of the group Sir Iain Lobban explained in an interview for BBC Radio 4 that business secrets are being stolen on an industrial scale, highlighting the need to carry out
Businesses need to realise that cyber criminals will never stop in their quest to compromise systems to obtain data, a new report from Trustwave has established.
The 2013 Global Security Report pointed out that new threats are arising just as fast as businesses can implement steps to combat them, so they always need to be on their guard.
The majority of people are willing to give up their personal data, but only if companies can demonstrate a clear incentive for getting them to do so.
These are the results of a
by Infosys, which revealed that there is a level of caution towards data sharing, even in spite of the benefits it can bring.