Security Testing and Assurance
Industry contributions
CyberCX’s Security Testing and Assurance team is dedicated to leading the global market in innovative security testing and assurance, while nurturing the industry’s most skilled consultants to secure our communities.
Events
- February 2024
- Willem Mouton | Webinar
Get CORIE Ready
- December 2023
- Willem Mouton | Webinar
Purple Teaming – Kicking your cyber defence tyres
- August 2023
- Vikki Grouios | Girl Talk Cyber Podcast
Ethical Hacking and Offensive Security
- July 2023
- Raafey Khan | OWASP Day NZ
OWASP Projects and Tools to Secure Your SDLC
- Fadzayi Moyo | Australian Cyber Con
The ‘A’ in Application Security is for Agile
- Raafey Khan | Webinar
Develop Fast & Stay Secure: Embedding security in the development lifecycle
Training
Shofe Miraz
Organisation and coordination for Hack and Learn monthly InfoSec meetup
David Sowerbutts, KS Lam, Liam O’Brien, Fletcher Creed
Facilitated the Lockpicking Village at CrikeyCon
Blogs
- Zero Day Remote Code Execution in Netcomm NL1901ACV VDSL Modem
- Beautifying Snaffler
- Voices of deception: Exploring the ease of account takeover through vishing
- Beyond spreadsheets and sticky notes
- Colour me purple
- Introduction to Cross-Site Leaks (XS-Leaks) – Attacks and Mitigations
- Flutter Restrictions Bypass
- Hardware Hacking to Bypass BIOS Passwords
- Fickle Multi-Factor Authentication in Microsoft 365
- Azure SSRF Metadata
Tools
PurpleOps →
An open-source self-hosted purple team management web application.
Efflanrs →
Turn your Snaffler output into a nice searchable and sortable interface.
Email Spoof Check →
Audit your domain’s SPF and DMARC configuration.
Peep →
A tool designed to hook into Windows applications and output named (and anonymous?) pipe traffic.
Pipe Client Impersonation Server →
Creates a malicious named pipe server that impersonates connecting clients and executes arbitrary commands under their security context.
Jailbreak/Root Detection Bypass in Flutter →
Frida script designed to bypass security checks that are implemented using the IOSSecuritySuite module in iOS applications and RootBeer in Android applications.
Virtual Wireless Lab →
A series of different lab exercises that aim to teach the fundamentals of pentesting 802.11 networks.
Conditional Match and Replace →
A Burp extension allowing you to create match and replace operations that execute only when a condition is matched.
NSEC(3) Walker →
Automates extracting DNS zones akin to an AXFR zone transfer or a “zone dump”.