Taking Information Security to a New Level

Security-Assessment.com is a purist security company, with a strong focus on research and development. This is delivered in the form of world-class advisory and assurance services to large and medium size enterprises that require a true independent measurement of security compliance, and who need specialist advice to improve their overall information security stance. We are a trusted partner providing clients with on-going assurance services and advice to support informed decision making regarding security and risk for their business. Security-Assessment.com helps design security into the organisational practices rather than through tactical or technological solutions.

FEATURED

NEWS & EVENTS

26 Jan 2016,
Due to steady growth in our client base Security-Assessment.com is looking for Principal and Senior Security Consultants. If you feel you have what it takes to be part of a dedicated hacking crew please email your CV to hr@security-assessment.com
02 Nov 2015,
On Thursday 29 October Denis from Security-Assessment.com released KeeFarce at the ISIG meeting in Auckland, New Zealand. KeeFarce is a tool that allows for the extraction of KeePass 2.x password database information from memory. The clear text information, including usernames, passwords, notes and URLs are extracted to a CSV file. The source code is available on github: https://github.com/denandz/KeeFarce KeePass is a widely used password safe utility distributed under GNU General Public license, details can be found at: http://keepass.info/

WHITEPAPERS

21 July 2017,
Will Boucher
The Citrix NetScaler1 Gateway VPN has the ability to check various conditions on a user device when it attempts to connect to a NetScaler Gateway. Citrix calls this “PreAuthentication Endpoint Analysis”, or EPA. This is a problem when trying to connect to a NetScaler Gateway VPN without knowing the client-side checks required. This whitepaper details the process to reverse engineer the encryption mechanisms for these checks and provide a bypass for the client side verification.
19 May 2014,
Denis Andzakovic
SSL Pinning is a security measure employed by applications in an attempt to thwart users from intercepting requests with a web proxy. This whitepaper will discuss methods used to bypass SSL pinning.