Cisco Pivoting for Penetration Testers

On a recent engagement we faced a difficult target with minimal external attack surface. Their website had a few flaws, but it was hosted externally with a third party. Even if we could compromise the site, it likely wouldn't result in the internal network access we...

read more

Deserialisation Vulnerabilities

Seemingly one of the most overlooked security vulnerabilities in the web applications that we test is the deserialization of untrusted data. I say overlooked because awareness of this issue seems to be comparatively low among web developers. Contrast that with the...

read more

Everything you run is SYSTEM

If you're ever running any programs on an account with administrative privileges, it might be tempting to think "It's alright; at least if this account is compromised, the attacker won't be able to obtain NT AUTHORITY\SYSTEM ("SYSTEM" for simplicity) level...

read more

Meltdown and Spectre

With the recent disclosure of the hardware bugs Meltdown and Spectre, the infosec world has been thrown into a bit of chaos. The bottom line is "It's a very serious bug in the CPU itself; your computer is most probably affected, but the major operating systems are...

read more

Security Testing Buyer’s Guide

Introduction Ionize has a long history of providing security services to a wide range of clients, be it government, academic, or commercial sectors. In our experience, there is a large amount of confusion as to what style of security assessment will...

read more

Want to find out more?


Open: Mon-Fri 9am - 5pm
Phone: (02) 6162 1783
Email: info@ionize.com.au
Address: Suite 5, 16 National Circuit


Ionize was established in 2008, and has been servicing clients both within Australia and overseas ever since. Our focus is on providing honest advice to our clients, maintaining the integrity of our work, while building and giving back to the information security community.