penetration testing https://www.gremwell.com/ en We are hiring yet again - pentester job https://www.gremwell.com/jobs <span>We are hiring yet again - pentester job</span> <div><p>We are looking for a penetration tester again. The business has been growing steadily and we need more people. </p> <p>We will prefer somebody from Belgium or EU, but will consider applications from other countries also. We are located in Brussels, Belgium. The job is full time, mostly on customer sites in Belgium.</p> <p>The job involves performing security testing, alone or in a team. We perform a wide variety of security tests, from web applications security to hardware hacking, from low-level network security testing to telephony and VoIP security. What kind of tests you will be involved in depends on your interests and skill set. Apart from testing, you will have to write project reports, and interact with the clients before, during and after the test execution. You might also have to develop tools or use and adapt tools developed by other team members. Some project management is also expected.</p> <p>You will constantly have the opportunity to work with new products and technologies, learn new tools and techniques and share the knowledge.</p> <p>You get a competitive salary, a company car, laptop, cell phone subscription, Internet connection at home paid, home office compensation, rail pass, etc. The conditions are negotiable (see <a href="http://www.gremwell.com/we_are_hiring">the previous job ad</a> with regards to cream toffees).</p> <p>We are looking for somebody with a solid background in IT security, ideally an experienced pentester. We would like to see:</p> <ul><li>In-depth knowledge of and interest in computer security. You are familiar with the concepts, tools and methods used in IT security and specifically in penetration testing. 
Most importantly, you love security, you enjoy hacking, when you figure out how to exploit some tricky bug you feel happy for the rest of the day. </li> <li>Prior experience in penetration testing is a huge plus </li> <li>Knowledge of web application technologies and web application security. Familiarity with web application testing tools, such as intercepting proxies, application vulnerability scanners, etc. You have used intercepting proxies, you can exploit an SQL injection manually or with a tool, you know why there is more to XSS than &lt;script&gt;alert(1);&lt;/script&gt; (and you can write that script-alert-script thingy without having to look up the syntax. I wish I was joking) </li> <li>In-depth knowledge of TCP/IP and application-level protocols and their security concepts. I mean more than "what's the difference between TCP and UDP?" sort of questions. </li> <li>Understanding of networking on link level is a plus </li> <li>Knowledge of operating system security concepts (and if you understand the security architecture of iOS and Android and can explain the differences, we love you already) </li> <li>Knowledge of mobile application security is a plus </li> <li>Knowledge of voice technologies is a plus </li> <li>Working knowledge of electronics is a plus </li> <li>Ability to code and read other people's code. If you have done security source code reviews, that's great. </li> <li>Ability to speak and write clearly in English is a requirement, knowledge of French and Dutch is a plus <p>Send your CV to <a href="mailto:info@gremwell.com">info@gremwell.com</a> with [Job] in the subject.</p></li> </ul></div> <span><span lang="" about="/user/10" typeof="schema:Person" property="schema:name" datatype="">alla</span></span> <span>Wed, 05/22/2019 - 12:06</span> Wed, 22 May 2019 10:06:26 +0000 alla 925 at https://www.gremwell.com We are hiring again! 
https://www.gremwell.com/we_are_hiring_again <span>We are hiring again!</span> <div><p>Once again, we are looking for a penetration tester. See <a href="http://www.gremwell.com/we_are_hiring">this post</a> for a description of skills we are interested in. Prior penetration testing experience is a plus, but not a must, provided that you have the necessary knowledge, both practical and theoretical. The job is in Brussels, Belgium, working remotely may be possible for some projects, but most of the time you'll have to be on site.</p> <p>Contact us at <a href="mailto:info@gremwell.com?Subject=[Job]">info@gremwell.com</a> if you are interested.</p> </div> <span><span lang="" about="/user/10" typeof="schema:Person" property="schema:name" datatype="">alla</span></span> <span>Thu, 12/06/2012 - 11:07</span> Thu, 06 Dec 2012 10:07:15 +0000 alla 853 at https://www.gremwell.com Burp plugin for scanning GWT and JSON HTTP requests https://www.gremwell.com/burp_plugin_for_scanning_gwt_and_json <span>Burp plugin for scanning GWT and JSON HTTP requests</span> <div><p><b>Update:</b> Burp Suite Pro 1.4.10 supports JSON scanning out of the box, see <a href="http://releases.portswigger.net/2012/06/v1410.html">http://releases.portswigger.net/2012/06/v1410.html</a><br /><b>Update 2:</b> The plugin is released under the terms of GNU GPL. In short it means that you can use it and change it as you like, publish the changes under GNU GPL if you like, but cannot include it as a part of any closed-source software. If you really want to use it as a part of closed-source software, contact me, we can figure something out. </p> <p>A while ago Alex came up with <a href="http://www.gremwell.com/pentesting-web-services-with-proprietary-formatted-input">a solution to get Burp to scan JSON formatted requests</a>. 
It required a rather involved setup with two Burp listeners and an Apache server acting as a proxy packing and unpacking JSON data for Burp's consumption.</p> <p>A more straightforward solution to the problem would be making a Burp plugin using BurpExtender interface that parses the request, marks appropriate insertion points and feeds it to Burp.</p> <p>And now we have it. As a bonus, it is also capable of scanning GWT (Google Web Toolkit) requests. <a href="http://www.gremwell.com/sites/default/files/Gwtscan.jar">Download the JAR file</a> or <a href="http://www.gremwell.com/sites/default/files/gwtscan.tgz">the source code</a>.</p> <p>Running Burp on Unix/Linux:<br /><code><br /> java -classpath burpsuite_pro_v1.4.07.jar:Gwtscan.jar burp.StartBurp<br /></code></p> <p>Running Burp on Windows:<br /><code><br /> java.exe -classpath burpsuite_pro_v1.4.07.jar;Gwtscan.jar burp.StartBurp<br /></code></p> <p>Using the plugin:</p> <ol><li>Select the request or requests you want to scan in Burp proxy or target </li><li>Select "Actively scan GWT request(s)" or "Actively scan JSON request(s)" from the context menu </li><li>That's all <ol></ol></li></ol></div> <span><span lang="" about="/user/10" typeof="schema:Person" property="schema:name" datatype="">alla</span></span> <span>Fri, 06/01/2012 - 14:36</span> Fri, 01 Jun 2012 12:36:34 +0000 alla 427 at https://www.gremwell.com Does your test system support SSLv2? https://www.gremwell.com/does_your_test_system_support_sslv2 <span>Does your test system support SSLv2?</span> <div><p>Since July 2010 Ubuntu has disabled support for SSLv2 in OpenSSL library. If you are testing remote hosts for SSLv2 using a client that does not support it, you are getting false negatives.</p> <p>Here is how you can check if your system supports SSLv2:<br /><code><br /> alla@notsoshiny:~$ socat OPENSSL-LISTEN:1080,method=SSLv2,cert=cert.pem,verify=0 READLINE<br /></code></p> <p>cert.pem has to be a valid certificate file that includes a private key. 
Generate one with OpenSSL if you don't have it.</p> <p>If you get an error message saying "null ssl method", then your system does not support SSLv2. Go to <a href="http://security.sunera.com/2011/02/when-distros-sneak-attack.html">When Distros Sneak Attack</a> and read how to patch OpenSSL (or rather remove a patch) to support SSLv2 again.</p> <p>If you get no error message, try connecting to your listener with openssl s_client and check that an SSLv2 connection is established. If it works, you can proceed with testing remote servers.</p> <p>And while you are at it, have a look at <a href="http://www.gremwell.com/sslcaudit_v1_0">sslcaudit - a wonderful tool for automated testing of SSL clients</a>, that Alex has developed.</p> </div> <span><span lang="" about="/user/10" typeof="schema:Person" property="schema:name" datatype="">alla</span></span> <span>Wed, 05/09/2012 - 10:55</span> Wed, 09 May 2012 08:55:49 +0000 alla 420 at https://www.gremwell.com We Are Hiring https://www.gremwell.com/we_are_hiring <span>We Are Hiring</span> <div><p>We are looking for a penetration tester. Most of the work is in or around Brussels. Some of the work will have to be done remotely. Employee or subcontractor.</p> <p>You'll get a lot of opportunities to hack stuff. Actually, you'll be trying to break stuff most of your working time. Except when you are writing reports. Or trying to make stuff work, before you can start breaking it. Most of the work is web application tests, but other stuff as well, from hardware hacking to custom client-server applications.</p> <p>Obviously, you get a salary, and other perks, such as a laptop, cell phone, a paid Internet connection at home, hospitalisation insurance, etc. 
Pay and benefits are discussable, so if, for example, you always dreamt of getting your bonuses in cream toffees, that can be arranged.</p> <p>We are looking for penetration testers with a broad knowledge in IT security domain, but if you happen to specialise in some area this is ok as well. For web application penetration testers we are looking for:</p> <ul><li>Web application knowledge. You understand HTTP, you can read/write HTML and JavaScript, you understand web application security. You can use intercepting proxies. You can read (and write at least a "hello world" with minimum Googling) in common web development languages (Java, ASP, .NET, PHP). Web development knowledge is a large plus. </li> <li>Security. Uhm, I don't know exactly how to describe it. You know and love security. If you are asked what XSS is, you can talk for half an hour. You can exploit an SQL injection where automated tools fail (okay, at least sometimes). You can explain why an invalid SSL certificate on a server is a bad thing. </li> <li>Human interface. You can write a report that people won't mind reading. You can talk to people and explain security to them. You can think about security in terms of business impact. You can speak and write in English (uhm, and read and listen too). Dutch and French in addition to English are also welcome. </li> <li>Certificates. Nice to have. </li> </ul><p>For more network-oriented penetration testers we are looking for: </p> <ul><li>Excellent knowledge of networking - link level, TCP/IP, application level. You know how to capture network traffic and you know what to do with it once you captured it. Experience in system/network administration is a plus. </li> <li>Familiarity with Windows and Unix/Linux. You can use them, you can install and configure them, you understand the security models. </li> <li>Programming. You can script. Perl, python, ruby, shell, whatever you like. The more the better. 
At least you should be able to read and fix Perl/shell scripts. </li> </ul><p>Also, if you are good in Java and willing to help with development of MagicTree, it is a plus. If you don't know what MagicTree is, it is a minus.</p> <p>Looks good? Send your CV to <a href="mailto:info@gremwell.com?Subject=[Job]">info@gremwell.com</a> with [Job] in the subject.</p> </div> <span><span lang="" about="/user/10" typeof="schema:Person" property="schema:name" datatype="">alla</span></span> <span>Thu, 03/08/2012 - 15:15</span> Thu, 08 Mar 2012 14:15:26 +0000 alla 414 at https://www.gremwell.com About Gremwell - Penetration Testing Services in Belgium https://www.gremwell.com/about_gremwell <span property="schema:name">About Gremwell - Penetration Testing Services in Belgium</span> <div property="schema:text">Gremwell offers security consulting services in the area of penetration testing, ethical hacking, vulnerability assessments and security code and configuration reviews. We are located in the neighbourhood of Brussels, and service clients in Belgium and abroad. Read about <a href="/theteam">our team</a>, <a href="/ourclients">our clients</a>, and <a href="/whatwedo">how we work</a>. Our services include: <ul> <li><a href="/web_application_security_testing">Web application security tests</a> <li>Mobile applications security tests <li>External and internal network security assessments and penetration tests <li>Telephony and VoIP systems security tests <li>Hardware security tests (CPE hardware security, alarm systems, RF and mobile communication systems, cryptographic devices, payment systems) <li>Custom application and system security testing </ul> <a href="/contact">Contact us</a> to discuss your project. Gremwell develops <a href="/what_is_magictree">MagicTree</a> - a data management tool for penetration testers. 
</div> <span rel="schema:author"><span lang="" about="/user/10" typeof="schema:Person" property="schema:name" datatype="">alla</span></span> <span property="schema:dateCreated" content="2009-12-11T19:24:19+00:00">Fri, 12/11/2009 - 20:24</span> Fri, 11 Dec 2009 19:24:19 +0000 alla 17 at https://www.gremwell.com