New Zealand - Security-Assessment.com - Web Application Testing, Network Security, Penetration Testing

Security-Assessment.com is a New Zealand based world leader in web application testing, network security and penetration testing.
Advise - Assess - Assure Company Services Advisories Publications Events News Room
Security-Assessment.com
New Zealand
Tel.:+ 64 9 302 5093
Fax.:+ 64 9 356 5698
e-mail: nz@security-assessment.com
 Whitepapers

Defining and Implementing a Strategic Security Management Framework
When it comes to mitigating security risks and satisfying compliance requirements associated with information assets nothing achieves greater results than a well structured and governed management system for information security. This paper assesses the issues organisations must consider when establishing an enterprise security strategy and introduces the Strategic Security Management Framework, developed by Drazen Drazic General Manager of Security-Assessment.com Australia.

Simplifying the Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) was established to set down minimal requirements to ensure the protection of cardholder data. This paper outlines the purpose of the PCI DSS, the affects of non-compliance on an organisation, and what merchant and service providers are required toimplement and maintain in order to comply with PCI compliance.

Access over Ethernet: Insecurities in AoE
ATA over Ethernet (AoE) is an open standards based protocol that allows direct network access to disk drives by client hosts. This paper investigates the insecurities present in the ATA over Ethernet (AoE) protocol and presents some attacks that exploit various vulnerabilities in the protocol.

Exploiting Freelist[0] On Windows XP Service Pack 2
Windows XP Service pack 2 introduced some new security measures in an attempt to prevent the use of overwritten heap headers to do arbitrary byte writing. This method of exploiting heap overflows, and the protection offered by service pack 2, is widely known and has been well documented in the past.
What this paper will attempt to explain is how other functionality of the heap management code can be used to gain execution control after a chunk header has been overwritten. In particular this paper takes a look at exploiting freelist[0] overwrites.

Bugger The Debugger - Pre Interaction Debugger Code Execution
The use of debuggers to analyse malicious or otherwise unknown binaries has become a requirement for reverse engineering executables to help determine their purpose. While researchers in places such as anti-virus laboratories have always done this, with the availability of free and easy to use debuggers it has also become popular with corporate security officers and home users.

0x00 vs ASP File Uploads
The affects of the 'Poison Null byte' have not been widely explored in asp, but as with other languages the NULL byte can cause problems when ASP passes data to objects. This problem arises when data is compared and validated in ASP script but passed to the FileSystemObject without checking for NULL bytes. This document discusses how ASP upload scripts can be affected by the Poison Null byte attack.

Shattering by Example (French)
'Shatter Attack' is a term used to describe attacks against the Windows GUI environment that allow a user to inject code into another process through the use of windows messages. The attack methods described in this document use messages that at first glance appear safe, but can be used to write arbitrary values to a processes memory space leading to command execution.


 Presentations

Ruxcon 2008
None More Black - The Dark Side Of SEO
Presented by Roberto Suggi Liverani
Kiwicon 2008
Black SEO Exposed
Presented by Roberto Suggi Liverani
Bugging The Board Room
Presented by Beau Butler and Carl Purvis
Phree As In Phone Call
Presented by John McColl
The Moth Trojan
Presented by Paul Craig
Waste Not, Want Not
Presented by Nick Freeman
BlackHat EU 2008
spu-md5 - PS3 MD5 benchmark code. This will be superceeded in 2 weeks with the latest release.
Presented by Nick Breese
Kiwicon
Intrusion Detection - This Is Not The Packet You Are Looking For
Presented by Declan Ingram
NZISF Breakfast - November 2007
SCADA - Fear, Uncertainty, and the Digital Armageddon
Presented by Morgan Marquis-Boire
TPN Meeting, Auckland - November 2007
Information Security Industry Overview
Presented by Peter Benson
Syscan 2007 - July 2007
Next Generation .NET Vulnerabilities
Presented by Paul Craig
ComputerWorld IT Security Briefing - May 2007
Information Security Industry Overview
Presented by Peter Benson
Human Factors In Security - May 2007
Social Engineering - Attacks Against People
Presented by Declan Ingram
Brightstar 12th Annual IT Security Summit - April 2007
Incident Management
Presented by Carl Grayson
Web Application Security - Methods and Demos of Attacks
Presented by Paul Craig
Melbourne Breakfast Briefing - April 2007
Exploiting Web Applications
Presented by Declan Ingram
NZISF Breakfast - February 2007
Payment Card Industry Data Security Standards
Presented by Carl Grayson
Security-Assessment Queensland Security Seminar - January 2007
From The Trenches- Security-Assessment.com Industry View
Presented by Drazen Drazic
Workplace Surveillance - Considerations For Queensland
PCI DSS Explained
Securing Web Applications
Available on request to attendees only.
SSMF - Managing Security Accross The Enterprise
Cyber Crime In Focus 2006
Secure Web Applications
Presented by Declan Ingram.
Ruxcon 2006
Hit by a Bus: Physical Access Attacks with Firewire - pythonraw1394-1.0.tar.gz
Presented by Adam Boileau.
Unpacking Malware, Trojans and Worms: PE Packers Used in Malicious Software
Presented by Paul Craig.
Low Down and Dirty: Anti-Forensic Rootkits
Presented by Darren Bilby.
Access over Ethernet: Insecurities in AoE
Presented by Morgan Marquis-Boire.
September Sydney Breakfast Brief
Wireless Networks: Success, Failure & Insecurity
Presented by Adam Boileau.
802.1x Roadshow - July 2006
Practical WLAN Attack & Defense: A Pragmatic Hacker's Primer
Presented by Adam Boileau.
S4 Security Seminar Series - July 2006
BCP and DR. Timely Reminder
Information Security - What Directors Need to Know
Data Protection and Compliance
PCI - Data Security Standards
30 Minutes of RFID - Analysis, Applications and Attacks
Wireless - State Of The Nation
Auscert Security Conference - June 2006
Defeating Live Windows Forensics presented by Darren Bilby
BrightStar 11th Annual IT Security Summit - April 2006
Rootkits - Advanced Malware
hxdef-demo1.avi, hxdef-detection.avi, hxdef-detection-icesword.avi
Presented by Darren Bilby
Violating The Corporate Database
Presented by Dan Cornforth
F5 Security Conference April 2006
Security-Assessment.com State of Security Overview
Security-Assessment.com March 2006 Breakfast Seminar
Unifying framework for Identity Management
Security-Assessment.com February 2006 Breakfast Session
Information Loss Management
S4 Security Seminar Series - October 2005
Moving Security Enforcement into the Heart of the Network
Incident Handling - Considerations in Approach
Secure Coding Practice
Information Loss Management
Safe Knowledge
Ruxcon - October 2005
SBDA - Same Bug, Different App
New Zealand Information Security Forum - July 2005 Auckland
Voice over IP VOIP (In) Security
F5 Security Event - May 2005 Melbourne & Sydney
From the Trenches (Australia)
Financial Services Federation - April 2005 Risk Meeting
Internet Security and Fraud - Current Online Trends
BrightStar 10th Annual IT Security Summit - April 2005
Exposing Web Vulnerabilities
VOIP - What You Don't Know Can Hurt You
Keeping your Enterprise Secure and Continuous
IDC's Asia/Pacific Security and Continuity Conference - April 2005
From the Trenches
S4 Security Seminar Series - March 2005
GoogleHack and PTP Hacking
Security Process Engineering
Enforcement Strategies
VOIP 2: Is Free too Expensive?
Codescan and Web Application Testing
Wireless Security
NZ Computer Society
Information Security Special Interest Group - November 2004
Wireless Security
S4 Security Seminar Series - October 2004
Advances in Web Application Hacking
Best of Black Hat
Laws and Regulatory Controls
Shoot the Messenger - Shatter Attacks
State of the Net
VOIP Hacking
Vulnerability
Management Introduction
BrightStar IT Security Conference 2004
A Day in the Life of a Hacker
BrightStar IT Security Conference 2003
A Step into the Computer Underworld 
  New Zealand - Security-Assessment.com © 2008 | Privacy Policy | Terms of Use
PCI DSS Compliance | Vulnerability Assessment | Web Application Testing - Penetration Testing | Network Security Testing
Security-Assessment.com - Datacraft