Publications

Latest Publications

All presentations are Copyright Aura Software Security Ltd 2010, All Rights Reserved. You may download these presentations for research purposes only. Any re-use or reproduction of these presentation may only be peformed with express permission from Aura Software Security Ltd.

Welcome to Rootkit Country

Graeme Neilson presented at the CanSetWest Conference in Vancouver on rootkit software on March 11 2011. You can download this well received presentation here.

Download "Rootkit County"

Feeling Insecure about your Web Testing?

Scott Fletcher presented at the Australia & New Zealand Testing Board on 30 March 2011 on beginner testing strategies for five of the OWASP Top Ten web security threats. These strategies will help testers ensure the security of web applications.
Download "Feeling Insecure about your web testing?"

Tales from the Crypt0

Graeme Neilson presented with Kirk Jackson from Xero on cryptography at the OWASP Day New Zealand 15th July 2010.
Does the thought of SSL, HTTPS and S/MIME make you squeamish? Does PKI make you want to scream? Does encrypting data at rest make you want to bury yourself alive?
Cryptography is an important part of most web applications these days, and developers and admins need to understand how, why and when to employ the best and appropriate techniques to secure their servers, applications, data and the livelihoods of their users.
Download "Tales of the Crypt0"

Netscreen of the Dead

Graeme Neilson presented at RuxCon in Sydney Australia (2008) and BlackHat, Las Vegas USA (2009).
The presentation covered Graeme's research on how he's developed a trojan ScreenOS operating system that when loaded onto any Juniper Firewall turns it into a ZOMBIE, giving Graeme full access to the underlying firewall, bypassing all rules and passwords.
We must of cause mention Juniper at this point - "we express our appreciation for your pragmatic and careful handling of this case" (Juniper, 28 Nov 08). They also released a tech bulletin: PSN-2008-11-111, "ScreenOS Firmware Image Authenticity Notification" which states: "All Juniper ScreenOS Firewall Platforms are susceptible to circumstances in which a maliciously modified ScreenOS image can be installed."
Listen in to Graeme's interview on IT Radio download (18MB mp3 file)
Download "Netscreen of the Dead"

Proactive Software Assurance

Andy Prow presented at the ISACA Computer Security Day on the 2nd Dec 2008 in Wellington. Andy's presentation focussed on the "SANS Defensive Wall 1 - Proactive Software Assurance", covering the steps you should take as an organisation to proactively protect your systems against attack.
Download "Proactive Software Assurance"

Better than the regular script kiddie: w3af

The w3af framework project is the up-and-coming MetaSploit of Web application security. It's flexible design allows new attack vectors to be easily written and includes many features which are only available in the grossly expensive commercial tools. Mark's presentation will discuss why we need webapp scanners and demo the w3af framework and how to automate the Discovery, Audit and Attack of web applications.

The presentation can be downloaded here

Scanberry: Advanced Attacks via a trojaned Blackberry

Building on the Blackjacking tools presented at DefCon, Graeme will present some advanced tools for attacking internal networks via Blackberrys. For example how to use TicTactrojan on a Blackberry to port scan an internal network from the comfort of your external host.

The presentation can be downloaded here

Quality Software - Designed to be Hacked

Andy will focus on how software quality MUST include security considerations during the requirements, design, implementation, testing, roll-out and maintenance phases. He will also include some examples of real-world security issues that "make you think..."

The presentation can be downloaded here

It only takes a Pin Prick to burst your Enterprise Security bubble
The presentation highlights the need for an organisation to have there own "trusted in-house hacker" who thinks like a hacker would.
Some of the other topics covered are:
Some of the latest tools hackers use.
A sample of common vulnerabilities and how they can be exploited.
How to protect your network against these exploits.
Please feel free to contact Aura Software for more detailed information and to request a security assessment.

The presentation can be downloaded here

In the news

WDCNZ Web Security Workshop

06 April 2011

Aura Software Security will be running a half-day web security workshop on Friday 15 July for those wanting expert training the day after WDCNZ. Click here for more.

Deloitte Asia Pacific Technology Fast 500!

04 Dec 2010

Congratulations to Aura on getting into the Deloitte Asia Pacific Technology Fast 500! A huge 284th position. Excellent - this gives us 283 companies to improve on for next year...

Electra Business of the Year - goes to AURA!

01 Jul 2010

What a HUGE evening at the Electra Business Awards! We are extremely proud to have been awarded the "Business of the Year"!
As well as that we won the "Hi-Growth Award", "New-Thinking" and "Customer Services Award", as well as being finalists for "Staff Development" and "Operational Capability".

More IT Security TRAINING

Sept - Dec 2010

We have a new round of our Teaching the Good-Guys Bad-Tricks IT Security training courses coming up, in Wellington, Auckland and Christchuch through-out Sept to Dec.

We are running both in-house corporate sessions, and are booking several group venues that are open for public bookings. Places fill up fast so CONTACT US now for arrangements.

$250,000 TechNZ Grant for Aura RedEye

Jul - Dec 2010

Aura's RedEye vulnerability scanning product and threat analysis service has been awarded a $250,000 TechNZ Research and Development grant from the Foundation for Research, Science and Technology

Microsoft TechEd 2010

30 Aug - 1 Sep 2010

Microsoft's TechEd NZ will be another huge event. Aura's Andy Prow will be presenting again with Kirk Jackson - Hack-Ed, Teaching the Good-Guys MORE Bad-Tricks