penetration testing

We are hiring yet again - need a pentester

We are looking for a penetration tester again. The business has been growing steadily and we need more people.

We will prefer somebody from Belgium or EU, but will consider applications from other countries if you have solid prior experience in penetration testing. We are located in Brussels, Belgium. The job is full time, mostly on customer sites in Belgium.

We are hiring again!

Once again, we are looking for a penetration tester. See this post for a descriptiong of skills we are interested in. Prior penetration testing experience is a plus, but not a must, provided that you have the necessary knowledge, both practical and theoretical. The job is in Brussels, Belgium, working remotely may be possible for some projects, but most of the time you'll have to be on site.

Contact us at info@gremwell.com if you are interested.

Burp plugin for scanning GWT and JSON HTTP requests

Update: Burp Suite Pro 1.4.10 supports JSON scanning out of the box, see http://releases.portswigger.net/2012/06/v1410.html
Update 2: The plugin is released under the terms of GNU GPL. In short it means that you can use it and change it as you like, publish the changes under GNU GPL if you like, but cannot include it as a part of any closed-source software. If you really want to use it as a part of closed-source software, contact me, we can figure something out.

Does your test system support SSLv2?

Since July 2010 Ubuntu has disabled support for SSLv2 in OpenSSL library. If you are testing remote hosts for SSLv2 using a client that does not support it, you are getting false negatives.

Here is how you can check if you system supports SSLv2:

alla@notsoshiny:~$ socat OPENSSL-LISTEN:1080,method=SSLv2,cert=cert.pem,verify=0 READLINE

cert.pem has to be a valid certificate file that includes a private key. Generate one with OpenSSL if you don't have it.

We Are Hiring

We are looking for a penetration tester. Most of the work is in or around Brussels. Some of the work will have to be done remotely. Employee or subcontractor.

You'll get a lot of opportunities to hack stuff. Actually, you'll be trying to break stuff most of your working time. Except when you are writing reports. Or trying to make stuff work, before you can start breaking it. Most of the work are web application tests, but other stuff as well, from hardware hacking to custom client-server applications.

About Gremwell - Penetration Testing Services in Belgium

Gremwell offers security consulting services in the area of penetration testing, ethical hacking, vulnerability assessments and security code and configuration reviews. We are located in the neighbourhood of Brussels, and service clients in Belgium and abroad. Read about our team, our clients, and how we work.

Our services include:

  • Web application security tests
  • Mobile applications security tests
  • External and internal network security assessments and penetration tests
  • Telephony and VoIP systems security tests
  • Hardware security tests (CPE hardware security, alarm systems, RF and mobile communication systems, cryptographic devices, payment systems)
  • Custom application and system security testing

Contact us to discuss your project.

Gremwell develops MagicTree - a data management tool for penetration testers.

Subscribe to RSS - penetration testing