Cyber Security Services

Lapidux offers a range of cyber security services for businesses of any scale. These encompass businesses who wish to proactively prevent breaches, as well as those who have already fallen victim to a hack. You can browse these by category or view them all

Service Categories

All Services

Auditing
Are you concerned about existing code or infrastructure? We can audit your code, resources and practices in order to produce a report of recommendations and actionable changes. Get an expert's opinion before you're hacked to avoid wishing you had protected your assets sooner.

More details
Incident Response/Recovery
Have you been hacked? It happens, don't panic. Get in touch and we will reply with urgency to ensure we can investigate & remedy any breaches that may occur. We operate with complete discretion and professionalism in order to determine the scope and entrypoint for any attack on your infrastructure.

More details
Proactive Protection
Like in most industries, simply being responsive isn't enough in information security. Sometimes hacks can occur and damage can be done within seconds, so it is important to be proactive in your security habits and policies. We can educate employees, monitor systems and install & configure protective software to protect your business.

More details

Case Studies

Despite our confidentiality policies, some clients let us publish anonymised reports

MySQL Injection — bypassing admin login in 2020
MySQL Injection, ranked A1 in the 2017 OWASP Top 10, is an avoidable vulnerability found in web applications that do not properly sanitize user input. In a recent engagement, Lapidux performed incident response for a website indexing content for pages in a MySQL database. The website was compromised and defaced by an Indonesian team calling themselves Mine7/SharkXploiter Crew. The team used nothing more than open source tools (SQLMap) and slightly modified webshells.

We dealt with both webshells, fixed the vulnerablities by replacing all MySQL queries with prepared statements and escaping user input, and pushed the changes to the site. We have not seen another attack up to the time of publishing, which is a stark improvement from when the client initially reached out, at which point they had experienced 3 compromises in less than 48 hours.

Read the full story