Latest Posts
-
Proactive Labs at Cybercon 2024
One of our team members, Matthew Belvedere will be speaking at Cybercon Melbourne about threat modelling; The talk is titled Getting better insights from penetration tests; An introduction to threat modelling, and will be running on the 26th of November.
-
Incident Response to Domain Admin
Here at Proactive Labs, we perform a range of different offensive security services, including Penetration Testing and Red Teaming. Red Teaming is a common type of engagement, offering our clients an insight into a realistic intrusion against their environment. Red Teaming is ultimately a test of an organisations people, processes and technology used to defend their environment.
-
Packer Script Release - Windows / QEMU
tldr: We’re releasing our Packer scripts for Windows builds, which we use internally for tool development and testing.
-
Strange behaviours when presenting multiple JWTs
tldr: Presenting multiple JWT tokens in the same request shouldn’t work - until it does!
-
Pecan+ 2024 Training
Proactive Labs had the privilege of conducting the training sessions for PECAN+ at The Australian National University this weekend. The event had over 70 students attending, and covered topics including Linux fundamentals, Cryptography, Steganography and Digital Forensics.
-
MSP360 hardcoded encryption keys leading to leaked network credentials
“MSP360™ (previously CloudBerry) Backup for Windows is a cost-effective, flexible, and versatile backup and data restore solution that enables business and private users to automate data protection routines for a number of environments, local and cloud storage destinations.”
-
ComfyCon 2024 - Introduction to threat modelling
One of our team members recently had the opportunity to present at ComfyCon 2024, an online Cyber Security conference made in response to the COVID-19 pandemic.
-
Common Penetration Testing Approaches
A common question asked when scoping a penetration test is the difference between black box, white box and grey box testing, and which is the best method. In this post we will cover the difference between the three and how to decide which is best suited, as well as how to decide when to engage a penetration tester for a project.
-
Attacking Internet Explorer Security Zones
Over the course of numerous assessments we’ve abused misconfigurations within our clients Internet Explorer (“IE”) Security Zones to achieve: