When we first unleashed VexBot at BSides Canberra 2024, the response was electric. Players loved the challenge of hunting down five flags hidden behind an AI agent's defenses. But here's the thing about cybersecurity folks: they're never satisfied with "good enough." So,
The cybersecurity landscape is approaching a fundamental shift. While quantum computers remain largely experimental today, their eventual capability to break current encryption methods represents a significant concern for organisations handling sensitive data. This article examines the nature of this challenge and what it means for business security planning. The Quantum
Another year, another BSides Canberra in the books, and honestly? We're still recovering (in the best possible way). SilentGrid returned as a gold sponsor, setting up shop in the hardware area with all the essentials: t-shirts, webcam covers, stickers, and enough snacks to fuel a small army of
This article discusses the key principles and practical considerations for conducting adversary-driven social engineering engagements that prioritise realism over volume. Providing organisations with meaningful insights into their ability to detect, investigate, and contain sophisticated social engineering attacks. Before diving into the methodology, techniques and technical details, I want to clarify
The humble mainframe is often mentioned in the same breath as the word “legacy”. When we consider the speed at which new technology emerges, it would be easy to assume that these systems should have quickly become extinct in the face of things like cloud, DevOps, and AI, let alone
Introduction On the 2nd of July 2025, an Australian Airline reported (https://www.qantasnewsroom.com.au/media-releases/qantas-cyber-incident/) that it had been the victim of a cyber security incident affecting one of its contact centres. In their media release they described how a cyber criminal targeted a call centre and
As artificial intelligence continues to transform industries across the board, many organisations are questioning whether traditional cybersecurity roles will become obsolete. While AI brings valuable capabilities to the security landscape, the notion that it could replace skilled red team professionals and penetration testers reflects a fundamental misunderstanding of what these
Introduction Phishing attacks are an extremely common method used by adversaries for initial access. Mandiant's annual "M-Trends" report (https://services.google.com/fh/files/misc/m-trends-2025-en.pdf) states that in 2022 and 2023, phishing was the second leading initial infection vector after exploits. To mitigate the
We recently had the opportunity to work with a client that had a technology stack that differs from the usual enterprise environment that uses Active Directory, Entra ID and a mix of on-premise and cloud infrastructure. Being an organisation whose staff are mostly developers, all of their infrastructure was cloud
Stay informed with our expert articles and practical advice. Subscribe to our blog today.
At SilentGrid Security, we've observed increased interest in security testing for applications using generative AI Large Language Models (LLMs). These models, which power platforms like ChatGPT, offer compelling business benefits but require careful security consideration. This post outlines our approach to LLM security testing and examines key considerations
You don't know, what you don't know Most organisations have adopted an annual cyber security programme which commonly includes penetration testing of internet facing systems and the "internal" network. These tests are valuable exercises which provide assurance that the environment is not affected by
Introduction At the recent BSides Canberra, we ran a Capture the Flag (CTF) for visitors to our sponsor's booth. With recent interest in AI, we decided to create a Large Language Model based CTF; one that didn't require any custom tools, one that you could play
When you think of office security, you probably picture high-tech firewalls and complex passwords, right? But what about the simpler tools we rely on daily, like lanyards and RFID cards? Sometimes, the real weak spots aren’t in the IT infrastructure at all - they’re in the everyday interactions
SilentGrid delves into the impact of a SQL injection that affected a healthcare application, which claimed to adequately protect the privacy of its users
In the realm of industrial control, Industrial Control Systems (ICS) play a crucial role in overseeing complex processes, with the widely used Modbus protocol serving as a key player in communication. This blog will delve into the security concerns surrounding ICS, placing a particular focus on the Modbus protocol, which
During a recent engagement against a web application, a known vulnerability, CVE-2020-35340 was exploited to gain remote code execution on the server hosting the application
Attack Infrastructure Automation Part 2 - Terraform module design, software setup and configuration, and operator experience
During one of our perimeter assessment exercises, we identified and exploited a vulnerability in an in-house developed thin client
Attack Infrastructure Automation Part 1 - An overview of our approach, main building blocks and design choices
SilentGrid identified an unauthenticated time-based blind SQL injection in Global Vision Media's Blueprint Learning Management System (LMS)
An attack path from a recent engagement involving symbolic links
