It's a single line of code - easy to miss in a review, and present in more Android apps than you'd expect: webView.addJavascriptInterface(new AppBridge(), "NativeApp"); When it's configured correctly, it's fine. When it isn't (and that happens
There's a particular kind of screen you'll find in control rooms, substations, and utility plants the world over. It shows a live schematic of whatever process the facility is running (e.g. pumps, valves, electrical loads) and operators use it to make things happen in the
Okay, so a disclaimer upfront… setting up a self-hosted local Minecraft server didn’t actually teach me anything about business-to-business sales. I mean, you were expecting that, right? If so, great, we’re on the same page, if not, well apologies, but hopefully there’s some value
In a previous post, we discussed how AI-assisted analysis has become a useful tool in offensive security engagements. This article demonstrates that methodology in practice, showing how it accelerated our work during a recent web application and API penetration test. The combination of AI assistance and human expertise enabled
At SilentGrid, we rarely get called in for full-scale load testing - but recently, we had an urgent client request to validate system performance under high user activity. The goal: ensure the system could handle the influx of users expected in the first weeks of operation. This was a great
A Threat That Has Evolved Beyond Nation-State Actors In the late 1950s, the Soviet embassy in The Hague placed an order for office furniture from a local Dutch company. This was the height of the Cold War, and American intelligence agencies had recently discovered a sophisticated listening device concealed
During one of our red team engagements late last year, we were given a challenge: Once inside the building, could we access employee lockers? At first glance, this didn’t sound too exciting. But like many things in security, the small details often hide the biggest risks. The Setup From
The integration of artificial intelligence into offensive security practices represents a significant evolution in how cybersecurity assessments are conducted. Last year, we wrote about how AI wouldn't replace us human testers at SilentGrid Security, this year, we're taking a look at how AI has helped us
Maximising Value in Offensive Security Assessments: Why More Information Leads to Better Results When organisations engage offensive security firms like SilentGrid for adversary simulation or penetration testing, a common assumption emerges: the assessment should mirror real-world attack conditions as closely as possible. This often translates to providing minimal information
Stay informed with our expert articles and practical advice. Subscribe to our blog today.
When we first unleashed VexBot at BSides Canberra 2024, the response was electric. Players loved the challenge of hunting down five flags hidden behind an AI agent's defenses. But here's the thing about cybersecurity folks: they're never satisfied with "good enough." So,
The cybersecurity landscape is approaching a fundamental shift. While quantum computers remain largely experimental today, their eventual capability to break current encryption methods represents a significant concern for organisations handling sensitive data. This article examines the nature of this challenge and what it means for business security planning. The Quantum
Another year, another BSides Canberra in the books, and honestly? We're still recovering (in the best possible way). SilentGrid returned as a gold sponsor, setting up shop in the hardware area with all the essentials: t-shirts, webcam covers, stickers, and enough snacks to fuel a small army
This article discusses the key principles and practical considerations for conducting adversary-driven social engineering engagements that prioritise realism over volume. Providing organisations with meaningful insights into their ability to detect, investigate, and contain sophisticated social engineering attacks. Before diving into the methodology, techniques and technical details, I want to
The humble mainframe is often mentioned in the same breath as the word “legacy”. When we consider the speed at which new technology emerges, it would be easy to assume that these systems should have quickly become extinct in the face of things like cloud, DevOps, and AI, let alone
Introduction On the 2nd of July 2025, an Australian Airline reported (https://www.qantasnewsroom.com.au/media-releases/qantas-cyber-incident/) that it had been the victim of a cyber security incident affecting one of its contact centres. In their media release they described how a cyber criminal targeted a
As artificial intelligence continues to transform industries across the board, many organisations are questioning whether traditional cybersecurity roles will become obsolete. While AI brings valuable capabilities to the security landscape, the notion that it could replace skilled red team professionals and penetration testers reflects a fundamental misunderstanding of what these
Introduction Phishing attacks are an extremely common method used by adversaries for initial access. Mandiant's annual "M-Trends" report (https://services.google.com/fh/files/misc/m-trends-2025-en.pdf) states that in 2022 and 2023, phishing was the second leading initial infection vector after
We recently had the opportunity to work with a client that had a technology stack that differs from the usual enterprise environment that uses Active Directory, Entra ID and a mix of on-premise and cloud infrastructure. Being an organisation whose staff are mostly developers, all of their infrastructure was
At SilentGrid Security, we've observed increased interest in security testing for applications using generative AI Large Language Models (LLMs). These models, which power platforms like ChatGPT, offer compelling business benefits but require careful security consideration. This post outlines our approach to LLM security testing and examines key considerations
You don't know, what you don't know Most organisations have adopted an annual cyber security programme which commonly includes penetration testing of internet facing systems and the "internal" network. These tests are valuable exercises which provide assurance that the environment is not affected by
Introduction At the recent BSides Canberra, we ran a Capture the Flag (CTF) for visitors to our sponsor's booth. With recent interest in AI, we decided to create a Large Language Model based CTF; one that didn't require any custom tools, one that you could play
