Weaponising Staged Cross-site scripting (XSS) payloads
Privasec's Consultant Sajeeb Lohani has released the second article of his new ‘Weaponising Series’, after a great response on ‘Weaponising AngularJS bypass’. The article highlights techniques of weaponising staged cross-site scripting (XSS) payloads. Check out the full article here. Stay tuned to Privasec's News page for further additions to this series.
Privasec Red's Consultant breaks world record by disclosing the most Open-Source CVEs.
Our team is proud to announce that Privasec RED's Consultant, Sajeeb Lohani has broken the world record by privately disclosing 120 Open-Source CVEs.
Sajeeb is a technical security advisor with a passion for vulnerability research. He has worked with companies like Australia Post, PwC Australia, Commonwealth Bank of Australia, and Hivint. Sajeeb enjoys contributing to multiple open source projects like Interlace, fuzzapi, and the OWASP Mobile Security Testing Guide, and regularly shares his work at security conferences such as RuxCon, BSides Perth, OWASP NZ, and CrikeyCon. He was nominated for AISA Rookie of the Year in 2017.
Sajeeb believes in an open-source approach to knowledge sharing. Having founded the Monash Cyber Security Club in 2014, Sajeeb volunteers to teach his fellow Monash students in the field of offensive security. Sajeeb also dedicates his time to mentoring members of the Australian Women in Security Network (AWSN)'s Cadets program, and organising industry meetups such as Sectalks Melbourne, AllSec, OWASP Melbourne, DevSecOps, AngularJS, and Platypus.
This record took 3 years to achieve. Sajeeb is attempting to make the world of open source software a better place. Sajeeb is one of the all-star members of our Privasec Red Team. Our Red team consists of professional hackers who have a wide range of industry experience across military, industrial and enterprise sectors. Know more about our Red Team here.
Check out our services here or call us at T(AU): 1800 996 001 T(NZ): +64 9 222 4725 T(SG): +65 6631 8375 T(MY): +603 2788 3709.
Privasec Sponsors 0xcc: Women Training Conference in Melbourne
Privasec supports the importance of encouraging more women to take the step forward and progress in our industry. Privasec’s consultants Winky Tsui and Vivienne Mutembwa were at the 0xcc infosec training conference. The 0xCC training workshops provide women of all ages and backgrounds a space to learn, inspire, collaborate and share their knowledge. The 0xCC hoodies, t-shirts, hoodie dresses and square silk scarves were a great hit at the conference. A big thanks to all the organisers and sponsors. We are already looking forward to the 0xcc conference next year.
Privasec Training Bootcamp Series
Privasec is really excited to introduce our first ever master class training workshops. Learn from our experienced GRC or Purple Team specialists about the latest regulations and techniques in this one day knowledge-transfer session. Have your pick from our 5 different workshops! These are especially designed to help our IT and security professionals upskill and sharpen their knowledge on security and risks. Limited spots are available, so grab your tickets now. The links below include more details about each workshop.
- ACSC Essential Eight, 9th May 2019
If your organisation's security posture against the Australian Cyber Security Centre's (ACSC) Essential Eight, this workshop is especially designed for you.
- ISMS - The Masterclass, 15th May 2019
Learn directly from a leading ISMS expert how to design and build a complete ISMS that is fully compliant and certifiable with ISO 27001:2013.
- Purple Team Training, 23rd May 2019
If you are part of your organisation's Blue Team, you will not want to miss out on testing your skills and learning how to detect when you are under attack.
- APRA CPS 234 - The Workshop, 30th May 2019
Get your own soundboard with our GRC expert on how you should be aligning your company’s regulations to APRA CPS 234.
- IRAP | ISM - The Masterclass
If you are looking to do business with the Australian Government, this one day knowledge-transfer session will allow you to plan and control your ISM compliance efforts and prepare for the IRAP Assessment.
Privasec's Principal Consultant to speak at Red Team Panel at SecTalks
Red Team vs Blue Team
SecTalks SYD0x2E (46th) will feature cyber security professionals from both the red and the blue team sharing their experiences and war stories. Privasec Red’s Principal Consultant Ryan Broadfoot will be on the Red Team panel at the event. Check out the event details here: