Cisco Pivoting for Penetration Testers

On a recent engagement we faced a difficult target with minimal external attack surface. Their website had a few flaws, but it was hosted externally with a third party. Even if we could compromise the site, it likely wouldn’t result in the internal network...

Security Testing Buyer’s Guide

Introduction Ionize has a long history of providing security services to a wide range of clients, be it government, academic, or commercial sectors. In our experience, there is a large amount of confusion as to what style of security assessment will achieve the goals...

BSidesCTF 2016 – n0m n0m… n0m

Intro n0m n0m… n0m was a 250-point forensics challenge written by myself for the BSides Canberra CTF. The event was great fun, and this challenge was solved by 9% of the actively playing teams. Before we start looking at the solution, you can have a crack at most...

Offensive Security and the Playground

Who’s Offensive Security? Offensive Security are known as arguably the leading training provider in the Information Security industry today. Focusing on highly practical certifications, the team are responsible for some of the most well-known penetration testing...

LFI? RFI? NFI?

This post is intended to give an overview of the common methods of exploiting file inclusion vulnerabilities. Both remote and local file inclusion topics will be covered. What is File Inclusion? Let’s look at the following code: <?php...