Asymmetric Security | Company

Asymmetric Security

Add/Update information

Reviews

Tags

• Company

24.01.2022 Ruxcon went well, now to prepare for the NZITF and a day of training, along with handling the commercials for new clients.

23.01.2022 This goes to show the massive impact a single miscreant can have on broad range of companies. While it's not clear why DERP is going after Phantoml0rd it's certainly waking a lot of people up to the money behind online streaming and eSports in general. http://www.forbes.com//attack-on-twitch-streamer-shuts-do/

22.01.2022 Everything is progressing well with some monitoring already taking place and some initial meetings set up. It's been very interesting scratching the surface on some public platforms and finding large scale 'exploitation' of them by a small number of distinct actors. For example, 'GreatDownloads' accounts for around 25% of all posts on Pastebin.

17.01.2022 After finding myself in disagreement with a number of the big players I've posted my infosec predictions for 2014. http://blog.asymmetric.com.au//01/predictions-for-2014.html

16.01.2022 Kayne is talking tomorrow at AusCERT about Bitcoins, how they work and why you shouldn't keep your life savings in an unlicensed bank run by someone with no financial experience.

15.01.2022 Our first blog, aiming to do one a week on varying topics (non-sensitive issues of course). This one is a quick macro to reduce the pain of penetration test reporting in Microsoft Word. http://blog.asymmetric.com.au/

14.01.2022 Kayne is presenting tomorrow at the AISA Melbourne Branch meeting. https://www.aisa.org.au//aisa-melbourne-branch-meeting-sh/

14.01.2022 http://money.cnn.com//security/wall-street-jou/index.html Just goes to show simple attacks still work, even when the victim knows they will be targeted and writes about the targeting of others using the same techniques.

12.01.2022 OPSEC is important in malware too (check the file path in the PDB). http://totalhash.com//0a43eaf342115cb49257460d5283fa3c6fd5

10.01.2022 It's not as bad as Heartbleed despite the rumours. This exploit requires someone being between you and the server you're talking to and they need to control some Javascript you have loaded (which can be injected into any plaintext page you open) and have it repeatedly hit the secure site you're talking to in order to derive some information like session cookies from it. It's not good news but it's a fairly noisy attack to mount and must be in network path.... Also there is no logo yet for POODLE, a missed marketing opportunity for sure. https://www.openssl.org/~bodo/ssl-poodle.pdf

09.01.2022 We've got a big few months coming up including a Ruxcon presentation, likely running some training in New Zealand and continuing discussions with potential clients. If you're interested in getting some things off your plate when it comes to communicating security threats to your executives, or if you're interested in collaborating on security research please reach out.

08.01.2022 We start trading on the 22nd of July, the first two weeks primarily being administrative tasks and setting up infrastructure. After that I'll hit the road trying to sell our first offerings, a financial services targeted Cybercrime intelligence product (management focused with accompanying tech information) and a secure private information exchange PaaS (Platform as a Service). I've got an ever growing list of services people will really like, it's just a matter of resisting the temptation of picking up too much consulting work early on, especially before I get more people on board. With the initial offerings I think it'll help companies drive security spending and exchange data more effectively, certainly making your lives easier. The second set of services will well and truly make the criminal's lives harder.

08.01.2022 Well done to Queensland Police on such a quick result (these things are mired in bureaucracy). http://www.theregister.co.uk//queensland_cops_collar_leag/

05.01.2022 We are planning on holding Open Source Intelligence training across two days, likely at the end of May. This training will help give concepts of where to look for open source intelligence in the first day, and developing bare bones automation systems on the second day. The outcome of the second day can form part of in-house tools for further development. The syllabus will likely be in the form of: Day 1: 1. What is Open Source Intelligence?... 2. How to set up an intelligence function in your organisation 3. Writing intelligence reports 4. Establishing covert identities 5. Basics of Paterva Casefile/Maltego 6. Image metadata 7. Basics of IRC 8. Places to look for criminals Day 2 - automation: 1. Introduction to Python (some programming experience really recommended) 2. Helpful frameworks 3. Services with APIs 4. Looking like a real human 5. Web Scraping 6. Data storage 7. Basic web frontends 8. Writing Maltego Transforms If you have other elements you are particularly interested in or case studies you’d like an opinion on (and are willing to share with the group) we may be able to integrate these into the plan depending on timing. We are looking at holding this training in Sydney and/or Melbourne. Please contact via email or Direct Message if you are interested in sending someone or attending yourself.

04.01.2022 We're interested in talking to third year/honors/masters/Phd students in Australia who are keen to get into cyber security and have strong Asian language skills (preferably a primary language, but with very good spoken/written English). If you know anyone who fits please let us know.

04.01.2022 Poker pros have their room broken into in Barcelona and a trojan horse installed on their laptops to help someone win online tournaments. Sounds like something from TV but I have no doubt we'll see more of these hybrid physical/online attacks in coming years. http://www.f-secure.com/weblog/archives/00002647.html

03.01.2022 We're presenting at the AusCERT conference on the 3rd of June at the Royal Pines resort on the Goldcoast. We'll be covering off a lot of big data tools and design considerations for processing security data (plus covering why they might be the best fit). If you're in the area come and say hi! https://conference.auscert.org.au/kayne-naughton-andrew-hos

01.01.2022 We'll be quite busy in the next few months with presentations and onboarding new clients. Announced so far is Kayne talking about Bitcoin and cloud security incidents at AusCERT 2014 and talking about amplification attacks and being a good Internet Neighbour at the Auscert Security on the Move event in Melbourne on March 6th. http://conference.auscert.org.au//security-on-the-move-mel