We are an Australian-based information security company offering a wide range of services including:

  • Open-source Intelligence Engagements
  • Operating System Hardening Assessments
  • Penetration Testing
  • Phishing Simulations
  • Red Team Engagements
  • Security Advisory
  • Security Testing
  • Social Engineering
  • Threat Awareness Training
  • Vulnerability Scanning and Testing

Our primary goal is to provide realistic and actionable results that will help secure your organisation against cyber threats.

Feel free to browse our website, read our informational posts and guides below, or email us at email@controlc.com.au if you’d like more information, would like to schedule a meeting, or have any questions.

File upload testing with Fuxploider

Introduction: Identifying vulnerabilities in file upload functionality is often a tedious and time-consuming task, and many potential issues may be overlooked without automation. Fortunately, Fuxploider (available at https://github.com/almandin/fuxploider.git) significantly streamlines this process. Fuxploider is an open-source penetration testing tool designed to automate the detection and exploitation of flaws in file upload forms. It identifies the allowed file types and determines the most effective technique for uploading web shells or other malicious files to the target web server. [Read More]

A not so CeWL way to build a Wordlist

Introduction: Whilst there are many useful tools for building tailored wordlists (such as CeWL - https://github.com/digininja/CeWL and CUPP - https://github.com/Mebus/cupp), saving words while browsing a website is often overlooked and can help create the ideal wordlist for file/directory discovery and further enumeration. This post will cover web2words, a new Firefox extension we’ve created that saves all words from websites as you browse. Warning: This extension is currently in testing (be sure to read and understand the code prior to use), so you will need to use Firefox debugging to import. [Read More]

Chashell - Reverse Shell over DNS

Introduction “Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks. It comes with a multi-client control server, named chaserv.” - https://github.com/sysdream/chashell Domain name setup Purchase a domain name of your choice (ideally something cheap and non-suspect to your target) then set up your DNS records as follows (replace 444.111.222.333 with your VPS IP): A Record chashell 444.111.222.333 5min NS Record c chashell. [Read More]

Visual Studio's built-in malware execution functionality (EvilSln)

Visual Studio contains a serious security issue that could result in a complete compromise of your machine without you even knowing! Full credit to cjm00nw & edwardzpeng (https://github.com/cjm00n) for discovering this issue. Exploit Scenario: You’ve found a free and open-source project on GitHub related to something you’re working on that could save you weeks’ worth of work! Being cautious, you browse every folder and file, reviewing the code as you go. [Read More]

Convert plaintext to QR code on Linux

If you ever need to quickly share plaintext from a computer to a mobile device, generating a QR code can often prove useful and be a more secure method of information transfer in certain situations. In this post we will:

  • Install qrencode to generate QR codes on Debian
  • Generate sample QR codes
  • Create a quick bash script that can be executed whenever we need to generate a QR code from input plaintext (an easy way of sharing website URLs from your computer to mobile device)

Useful resources and links: Linux Magazine - Generating QR Codes in Linux - https://www. [Read More]

Linux local storage access from Citrix Workspace Windows RDP via VeraCrypt

Using VeraCrypt, it’s possible to share files from your local Linux machine to a Windows RDP host accessible using Citrix Workspace by following the steps below.

Step 1 - Install the Citrix Workspace Linux client: Install the appropriate Linux client from the official Citrix website: https://www.citrix.com/downloads/workspace-app/linux/workspace-app-for-linux-latest.html

Step 2 - Ensure Citrix Workspace is fully functional: Connect to your Citrix server and ensure everything is functional and you’re able to RDP into your target host. [Read More]

Monero for privacy, safety and freedom

Monero Means Money Monero is a fast, private and secure way to perform transactions and exchange funds online. Useful resources and links Dr. Daniel Kim: Sound Money, Safe Mode https://www.youtube.com/watch?v=6ckWGZdSBHA Luke Smith on Monero’s Unique Self-Propelling Nature https://www.youtube.com/watch?v=qIMw_cI4UsA Vanessa Harris on why Society Needs True Digital Cash https://www.youtube.com/watch?v=ewpiJTgPb4Q Cake Wallet for Monero - https://cakewallet.com/ Monero Website - https://web.getmonero.org/ Why use Monero? Safer than credit cards Fred bought a new computer from company XYZ. [Read More]

Orbot Tor VPN on Graphene OS

Protect your privacy and support the Tor network Orbot is a Tor based VPN for smartphones (Android and iOS) with inbuilt features such as relaying (allowing your device to be used as a Tor relay to support the Tor network), a full-device VPN setting (which can be used with the always-on VPN functionality to ensure all traffic is routed through Tor) and an ‘Open Proxy on All Interfaces’ setting (that allows devices connected to your phone via WiFi hotspot or tethering to route through the Orbot Tor VPN on your smartphone). [Read More]

Briar Secure Messenger

Peer-to-peer secure messaging “Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn’t rely on a central server - messages are synchronized directly between the users’ devices. If the internet’s down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the internet’s up, Briar can sync via the Tor network, protecting users and their relationships from surveillance. [Read More]

Flipper Zero

Portable hacking multi-tool “Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It’s fully open-source and customizable, so you can extend it in whatever way you like.” - https://flipperzero.one/ Useful resources and links Flipper Zero Website - https://flipperzero.one/ Flipper Zero Documentation - https://docs.flipperzero.one/ Awesome Flipper Github Repo - https://github.com/djsime1/awesome-flipperzero Flipper Zero Unleashed Firmware Github Repo - https://github. [Read More]