During the 2024 winter break, Fortian welcomed Koushik Anand Pirabu as an intern. In this blog post, Koushik reflects on his internship experience working alongside Fortian's Security Operations Centre.
Koushik Anand Pirabu | 1 October 2024
In this blog post, Fortian analysts Philip and Giacomo delve into the intricacies of a recently discovered pernicious Facebook Marketplace scam campaign.
Philip Roberts & Giacomo Marchese | 19 September 2024
Fortian security consultant Vince Hardy discusses corporate demergers from a cyber security perspective, including key considerations during the process.
Vince Hardy | 30 May 2024
An outline of several time-based techniques which can be used to strengthen uncertain threat hunting results.
James Fox | 24 Feb 2024
Fortian discloses information regarding a novel adversary in the middle campaign that bypasses location-based conditional access controls via dynamically routed proxy servers
Phillip Roberts & James Fox | Oct 6, 2023
Phillip and Sho came across something interesting when analysing a credential harvesting attack.
Phillip Roberts & Sho Yamamoto | Sep 4, 2023
Cooper gives an overview of his month at Fortian as part of our internship program
Cooper Eldridge | August 3, 2023
Prashanth covers some simple, practical steps to improving your application security.
Prashanth B.P. | July 17, 2023
Vince provides some guidance on implementing an effective privileged access management framework.
Vince Hardy | June 22, 2023
Phillip explains how MFA events are represented in AAD sign-in logs, explores a few different approaches threat actors may take to exploit MFA and proposes a Sentinel query to help with detection.
Phillip Roberts | May 24, 2023
Phillip and Soorya from Fortian's SOC get into the finer details of some recent malware.
Phillip Roberts & Kumar Soorya | August 26, 2022
Andrew examines the importance of the human element in cybersecurity.
Andrew Bycroft | February 25, 2022
Andrew looks at the origins of one of the key terms in our industry, and questions whether it's really the one we should be using.
Andrew Bycroft | October 5, 2021
Prashanth gives an overview of threat modelling and the application of a secure-by-design principle to software development.
Prashanth B.P. | August 23, 2021
Practical guidance for working with OIDC.
Michael Pearn | August 13, 2021
Michael provides a real-world comparison of provisioning to Google Workspace using two of the most common cloud identity management platforms.
Michael Pearn | July 29, 2021
A couple of years down the track, Jason revisits attack surface reduction and explores a different approach using an AWS application load balancer and OIDC.
Jason Wood | August 18, 2020
Having set up a basic WAF configuration, Adrian now steps through enabling SAML (and MFA) for WAF administration.
Adrian Bole | June 06, 2020
Adrian provides the first of two posts discussing the configuration of Imperva Cloud WAF.
Adrian Bole | May 11, 2020
Reece talks about some of the security challenges with DNS.
Reece Payne | November 23, 2019
The second of Jake's posts on how he built the Fortian technical challenge for CyberCon 2019
Jake Astles | October 27, 2019
Jake gives us the first of two posts on how he built the Fortian technical challenge for CyberCon 2019
Jake Astles | October 16, 2019
Chiko revisits the basics of security architecture: what is it, why do we do it and what are the benefits?
Chikonga Maimbo | August 1, 2019
Simon provides an update on some work we've been doing on Open Banking and the Consumer Data Right.
Simon Ellis | July 18, 2019
Reece gets into the challenges of actually having users use your web application.
Reece Payne | November 23, 2018
Marcus gives a bit of information about our attendance at this year's CyberCon.
Marcus Wong | Oct 09, 2018
Jason walks through setting up a quick and easy reverse proxy authenticating using SAML.
Jason Wood | June 29, 2018
Reece shows you how to get some interesting logging info out of Azure AD.
Reece Payne | June 12, 2018