INSIGHTS AND RESOURCES
Stay informed with the latest cyber security insights, research, and practical guidance.
TECHNICAL RESEARCH & RECOMMENDATIONS

ASVS 5 & The Rise of White Box Testing
By Jerey Meliendrez Introduction The application security field has been slowly shifting over the last decade – away from a focus on the traditional ‘black box’ approach to testing towards

Passwordstate Authentication Bypass (CVE-2025-59453)
By Aidan Stansfield TL;DR Click Studios’ Passwordstate before Build 9972 is vulnerable to an authentication bypass vulnerability, which allows a threat actor to gain full control over the Passwordstate service.

Decrypting Passwordstate
By Aidan Stansfield TL;DR For versions 9700 and above of Passwordstate, the EncryptionKey is derived differently. It now is derived by the HMAC(alg=SHA256, key=join(Secret2, Secret4), plaintext=join(Secret1, Secret3)). A PR has been made to the

Spiceworks – CVE-2021-43609
By Aidan Stansfield Flashback Time! This technical blog post looks at one of the early vulnerabilities uncovered by the Division 5 research program. The team undertook research into the Spiceworks

Direct Memory Access Attacks and Mitigations
By Matthew Prain DMA Attacks, And How to Prevent Them Someone gaining unauthorised access to a personal computer by injecting code into its memory may sound a little far-fetched. However,
STRATEGY | GOVERNANCE, RISK, & COMPLIANCE

Geopolitical Turmoil is Changing Cyber Risk
By Koen De Jong Introduction Geopolitical instability is reshaping cyber risk. As the global order fragments, geopolitical tensions increasingly determine where data resides, how systems are accessed, and which organisations

Top Tips for a Successful Audit
By Jessica Aurisch Getting Ready for an Audit – 5 Tips from an Auditor Imagine it's audit season and nobody shows up! Getting audited can be a stressful time. Especially

How an Information Asset Register (IAR) Simplifies Compliance
By Skye Slater How an Information Asset Register (IAR) Simplifies Compliance in Queensland Agencies and Non-Government Organisations As a cyber security firm working closely with Queensland Government agencies, we understand

Developing a Cyber Security Strategy
Nick Young The Digital Frontline: Why Cyber Strategy Matters Every Australian organisation sits on the front lines of a complex and evolving digital battlefield. As former Australian Signals Directorate (ASD)

5 Questions Every Board Should Ask Their Executives
Directors, are you asking the right questions about your organisation’s cyber risks? We’re excited to share a new video resource from Division 5’s Head of Strategy revealing the 5 essential

New Legislation, So What?
By Abby Breytenbach Introduction There’s a lot of legislation, but it’s not always easy to figure out what it means, how it applies, and what it means for my organisation.
Defence | Blue Team Guidance & Research

SIEM – Duplication or Detection?
By Joshua Riesenweber TL;DR Modern security platforms now do natively what organisations once needed a SIEM to build. For years, a SIEM was the only way to correlate signals across