// BLOG

Searching Network Shares for Domain Admin

Currently one of the most effective methods of domain privileges escalation is finding open shares with sensitive information, server backups, database passwords, user passwords, or modifiable executables or scripts. This method often gets us Domain Admin privileges...

read more

Ionize and Cogito Group Strategic Partnership

Ionize and Cogito Group today announced a strategic partnership that will enable both companies to significantly strengthen the breadth and depth of their cyber security capabilities. Ionize and Cogito Group are both successful Australian cyber security companies with...

read more

Cisco Pivoting for Penetration Testers

On a recent engagement we faced a difficult target with minimal external attack surface. Their website had a few flaws, but it was hosted externally with a third party. Even if we could compromise the site, it likely wouldn't result in the internal network access we...

read more

Deserialisation Vulnerabilities

Seemingly one of the most overlooked security vulnerabilities in the web applications that we test is the deserialization of untrusted data. I say overlooked because awareness of this issue seems to be comparatively low among web developers. Contrast that with the...

read more

Administrator Accounts are SYSTEM

If you're ever running any programs on an account with administrative privileges, it might be tempting to think "It's alright; at least if this account is compromised, the attacker won't be able to obtain NT AUTHORITY\SYSTEM ("SYSTEM" for simplicity) level...

read more

Want to find out more?

CONTACT

Open: Mon-Fri 9am - 5pm
Phone: (02) 6162 1783
Email: info@ionize.com.au
Address: Suite 5, 16 National Circuit
BARTON ACT 2600

ABOUT

Ionize was established in 2008, and has been servicing clients both within Australia and overseas ever since. Our focus is on providing honest advice to our clients, maintaining the integrity of our work, while building and giving back to the information security community.