Take Control

The tactics, techniques and procedures that adversaries use evolve at a rapid pace. To stay ahead of malicious actors, it is essential to work with a team that knows how they operate and can recommend relevant solutions.

Our Services

We understand that every organisation, environment and set of security needs is unique.
The services provided by SilentGrid are always tailor-made for our customers' specific needs. Our engagements provide a customised combination of multiple elements from our service portfolio to ensure optimal coverage for the security concern at hand.

Assumed Breach

Assess your defensive readiness for the scenario where a sophisticated threat actor has managed to establish an initial foothold on your network

Red Teaming

Evaluate your organisation's security controls, procedures and overall security maturity by simulating a sophisticated end-to-end real-world attack

Penetration Testing

Manually assess your infrastructure and software to identify vulnerabilities that could be leveraged to compromise the security of your digital property

Perimeter Assessment

Map your publicly exposed resources and uncover attack surfaces you might not be aware of

Adversary Emulation

Use tools, techniques and procedures of attackers to assess your detection and response capabilities

Password Analysis

Assess your current employees' security awareness by running a password analysis against your Active Directory environment

Client Portal

All our clients get access to a dedicated portal*, which allows them to:


  • Track engagements and identified issues in real time
  • Access project details
  • Focus and monitor remediation efforts
  • Get a concise view of current and historical projects
  • Access various statistics


*opt-out available

Certifications and Recognitions

SilentGrid is a CREST ANZ approved company. Our expertise is supported by the most internationally recognised certifications in the offensive security industry.

From our Blog

Blueprint LMS Blind SQL Injection

Overview: SilentGrid identified an unauthenticated time-based blind SQL injection in Global Vision Media's Blueprint Learning Management System (LMS). Blueprint LMS is a fork of Chamilo LMS, with the addition of a SCORM engine and custom functions. The injection is blind in the sense that the application response does not provide output from the backend database. The primary indicators of a blind SQL injection vulnerability then come down to determining valid SQL statements containing True or F


Story From The Trenches: Junction Bug Elevation

It is nice when random things come together to give you a novel attack during an engagement, especially when it starts to feel like the environment is completely sterile. Recently we had set ourselves the goal of elevating privileges on a laptop not too far removed from its original imaging. We did have some credentials for a low privilege domain account so there are some evergreen approaches that can be considered... but that's not what this post is about. The endpoint was also running Airloc


CVE-2021-37749 - Hexagon GeoMedia WebMap 2020 Blind SQL Injection

Overview: SilentGrid identified a blind SQL injection vulnerability in Hexagon's GeoMedia WebMap 2020 solution. This vulnerability can be exploited by unauthenticated attackers to interfere with the SQL query the application is using to interact with the backend database. While a hotfix is available, due to lack of response from the vendor, SilentGrid cannot confirm if the patch is implemented in the latest GeoMedia WebMap 2020 Update 2. Technical Details: The “Id” parameter within the "sourceIt

