Cyber security specialists for over 23 years

dotSec - do more business, more securely

dotSec is a professional cyber security organisation that was founded in 2000 on a single idea: a business that treats security as an asset will operate more securely, attract more customers, operate with less risk, and be more successful than its insecure competitors. Now, with over 24 years of national and international experience behind us, that one idea has allowed us to assist national and international clients across most industry sectors, and across all tiers of government.

News and updates

Law Firms And Cyber Tech: Don’t Just Do It

The shiny allure of technology is so enticing and the siren’s call, “Just buy this thing and all your pain will go away”, is almost irresistible. With the proper approach, various technologies really can help firms to manage their level of risk by offering capabilities such as automated real-time threat detection, intrusion prevention, and response mechanisms, allowing firms to proactively protect


Happiness and long life with ISO 27001

“Data is the new oil!” The phrase was famously uttered by British mathematician Clive Humby nearly 20 years ago but it’s often used today, not in its original context, but to try to convey the idea that data is valuable in its own right. The reality of course is that the information that can be extracted from the phenomenal volumes of data that are available today for mining, analysis and processing,


SharpC2 in the real world

SharpC2 is an open-source (.NET based) command-and-control framework developed by RastaMouse. The main component of SharpC2 is the TeamServer (and related .NET rich client) which is responsible for both generating implants (called drones in SharpC2 parlance) as well as communicating with said implants when they are deployed to the target. SharpC2 contains a rich feature set including SOCKS and reverse port-forwarding making it very useful for red-team engagements. We won’t


TPSP AOCs – Scoring goals and saving money!

In the increasingly data-driven e-commerce and finance space, protecting sensitive information has become a vital aspect of running any business, and one area that requires a high level of vigilance is payment security, especially for businesses that handle credit card (also known as cardholder) data. These businesses must adhere to the Payment Card Industry Data Security Standard (PCI DSS v4.0 or v3.2.1), complying with a set of stringent guidelines that


Happy memories of an old Internet banking hack

The good old (Internet banking Hack) days! So a long time ago (25 years ago actually!) in a research centre not so far away, I helped to write a paper that described an old Internet banking hack, outlined how the authentication systems that were used by browser-based internet banking applications could be bypassed and presented some options for reducing the corresponding level of risk.  Now, 25 years on I’ve just finished reading


Survey results: Security for Australian law firms 2022-23

2023 State of Cyber Maturity for Australian Law Firms

The 2023 State of Cyber Maturity for Australian Law Firms survey invited legal professionals to share their approaches, motivations, decision making, and management towards cyber security. DotSec commissioned independent market research firm Momentum Intelligence to conduct the survey in collaboration with Lawyers Weekly. The survey was conducted on behalf of DotSec by Momentum Intelligence between 8 September and 4 October 2022. The survey received a total of


Hey nice business!

It’d be a shame if something happened to it! In the real, physical world, extortion is a real problem and across the world, certain gangs and organisations see extortion as a legitimate way to earn real money, even apparently in the nuclear power industry! [10] The Internet is of course similar in many ways to the real world. If there are assets that are valuable to the owners, and if those


Relax! it’s not my first time!

Oh, for heaven’s sake! Can we all agree that the Optus event doesn’t really matter? I mean, it really does matter, of course! But still, it kinda feels like deja view all over again [1] and I can’t help but think I should relax! It’s not my first time!

Once upon a time… [2]

Five years or so ago, a young friend of a friend of ours wanted to buy a car

Dangling DNS records (part 3) - The final pluck!

Penetration testing stats from the past two years

It was the great Gordon Ramsay that said, “I don’t like looking back. I’m always constantly looking forward. I’m not the one to sort of sit and cry over spilt milk. I’m too busy looking for the next cow.” But still, it can’t hurt to keep track of how the cow-hunting is going, so in this post, we’ll present some penetration


dotSec professionals have credentials including PCI Qualified Security Assessor (QSA), ISO 27001 lead implementer, and ISO 27001 lead auditor, and we provide ISO/IEC 27001 implementation and preparedness services. dotSec provides advice for APRA’s CPS 234 and we have assisted companies to become compliant with controls from the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). 

dotSec is a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company. This means we are qualified to assist and assess companies that collect, store or process credit card data.

dotSec provides Managed SIEM and Detection and Response (MSIEM/MDR) services to a range of organisations in the government, retail, legal and engineering/architecture sectors. We are also a PCI DSS-compliant service provider, which makes life much easier for our PCI DSS customers, since we can provide an Attestation of Compliance (AoC) upon request, reducing our customers’ reporting obligations.

When it comes to testing and assessment, dotSec can deliver all the services you require, including vulnerability assessment (and management), penetration testing, red/blue/purple teaming, adversary emulation, and endpoint (EDR/XDR) protection-evasion and testing.  

And we frequently provide maturity assessment and (more importantly) improvement services against standards and frameworks including ISO/IEC 27001:2022, the PCI DSS, the ASD Essential Eight, the CIS Essential Controls and the NIST CSF.

dotSec cyber security – do more business, more securely!  
