To Top

Cybersecurity REsearch & Consultation

A hacker's-eye view into your organization.

About Us

What we DO

And how We Can Help

TalonFour is a world-class cybersecurity and research development house based in Sydney, Australia led by veteran security researchers, with a team of dedicated, passionate engineers. 

We provide cutting edge cybersecurity research and development, along with best-practices to employers and employees with high-quality, hands-on interactive workshops.  We also provide consulting, and in-depth security analysis services including malware analysis, digital forensics, reverse engineering, security consulting, penetration testing, and more.

We'd love to hear from you, and see what we can do for your company.

Empowering Education

We aim to help in any way we can. With top-notch workshops, and training materials, we can help your team become cybersecurity superheroes.

Got a hacked website? Wordpress not playing nice? Malware malfunction? Let us take a look. We're experts at analysing, and cleaning out hacked websites.  

All removals come with a complete report. We're on call to tackle any security-related issues you might run into as a business owner, and thrive to be as helpful as possible.

Affecting positive change

Nobody wants to become a victim of a breach, or cyberattack.

By undergoing a comprehensive vulnerability scan, we can help detect exploitable weaknesses within software, or hardware in use by your business. We can also help with the human-element.

With phishing attacks on the rise, and a favourite method of choice by cybercriminals, we're fully prepared to help educate employees on techniques for identifying such risks.

Exposing security Vulnerabilities

Cybersecurity can be a complex, and daunting topic. We aim to make it easy-to-digest, and assist in assessing your cybersecurity infrastructure needs.

All of our work comes with reports heavy on screenshots, explanations of technical issues broken down into more human-readable language, and will be thoroughly explained to you by our technicians.

We can deliver reports in your choice of format, and can offer ongoing analysis plans.

How We Work

We pride ourselves on our ability to break down complex ideas and concepts into something that's easy to digest for the everyman (or woman!). This combined with our comprehensive security audits mean you can gain a clearer insight into your organizations infrastructure and blind-spots.

Insight

Be it a missed patch, a poorly configured router, or something even more nefarious, we can help you spot security-holes exploitable by hackers.

Protection

We help keep data-scrapers, automated attacks, DDoS, and other large-scale attacks at bay, as well as keeping you safe from more targeted attacks.

Communication

With comprehensive, easy to understand audit reports, you can get a better picture of your organization's IT infrastructure.

Creativity

We're always on the watch for the latest breaking news in the world of cybersecurity, and have our own specialist in-house research team

Workshops

Let us Share our knowledge

We believe that success depends on the strength of the team. A team performs optimally when all links in the chain are as strong as possible. With our in-depth employee training and education workshops we aim to impart a lasting mindset of thinking secure.

Workshops

With real-world examples of attacks (but not TOO specific, of course), we aim to show employees what to watch out for.

Hands-on 
Interactive, memorable

Demos

We aim to show employees the 'little things' to keep an eye out for, and we share the telltale traces of malicious tools.

Live Demonstrations
Defend by example

Materials

High-quality printed, and digital materials are available for employees to take home, and keep for reference.

take-home materials
Reference guides and more

Engagement

Learning is both more effective, and engaging when it's hands-on, and we strive to make sure everything do is both educational AND enjoyable.

Deep Engagement
Lessons that stick-around

We want to change
how you think about security

With the skyrocketing upswing in global cybercrime, it's more crucial than ever to have adequate safeguards in place to protect customer data.

Using cutting-edge tools and techniques, we can simulate the situation of a motivated attacker attempting to infiltrate your network, or steal data.

 

We utilize industry leading technology, and some of the brightest minds around to keep abreast of new developments, and updates in the world of cybersecurity. We're always working on new, and creative ways to keep you safe.

Learn to spot the hidden warning signs

Enabling proactive protection

By utilizing tools, and presentation methods from leading security-tool providers, we're able to offer an insight into how the crooks operate, and what to watch out for.

With detailed training materials, and consultants on hand, your employees will be far better prepared to deal with modern attacks.

Services

We Are Here For You

From workshops, to consultation, to network audits, we have you covered. Learn how we can help your business better understand your security landscape.

Staff education

As cybercriminals get craftier and data becomes more valuable, it's more important than ever to ensure your team is cyber-aware.

Our workshops teach employees security best-practices and methods for analysing suspicious situations themselves. We aim to make security and important part of your daily workflow.

  • Phishing attack identification
  • Secure, and ultrasecure communications
  • Common attack vector explanations
  • Defense-forward thinking skills
  • Data tampering identification
  • Social-engineering defenses
  • Shared network risk identification
  • Infection risk explanations
  • High quality take-home materials.

Network Analysis

Your IT network is your business's most important asset. We can help identify any possible flaws in your infrastructure.

With reports compiled and delivered throughout and after the audit process, we provide an unparalleled insight into your network architecture from the perspective of a motivated hacker.

  • Internal network analysis
  • Website analysis
  • Wireless network analysis
  • Staff security awareness analysis
  • Computer systems security analysis
  • Slack-space analysis
  • Drive/RAM imaging
  • Mobile device security analysis
  • Antivirus systems analysis

Attack Simulation

Whether it's a DDoS, spear-phishing, campaign, or something even more nefarious. It's crucial to be prepared.

It's impossible to know how your business with fare under attack without putting it to the test. We can help launch several safe, simulated stress-testing campaigns and analyze the results.

  • DDoS Simulation
  • Spear-phishing simulation
  • Data-theft simulation
  • Zero-day exploit simulation
  • Website compromise simulation
  • Physical-access control theft simulation
  • Air-gapping attack simulation
  • Credential/session theft simulation
  • WiFi Breach/Rogue AP Simulation

Policy Analysis

It's important to have a response plan in place in the event of a breach or, rogue employee.

With attackers frequently targeting cardholder, and confidential customer information, it's important to keep such things private. We can help your company safe, and able to respond in a timely, and responsible manner.

  • Maintaining a secure network
  • Protecting confidential data
  • Vulnerability management
  • Access control measure analysis
  • Content auditing
  • Network monitoring and testing
  • Information security policy review
  • Deployment and testing
  • Current policy review and revision
We Are Educators
We Are Hackers
We Are Explorers
We Are Curious
We Are Analysts

— And we never stop discovering —

Our Process

We  Strive to Make Our Customers Happy

Analyze

We begin with a comprehensive scan of your infrastructure, and conduct a review of security policies.

Concept

We then draft up an in-depth plan for remediation of any issues found, and how to tailor your workshop experience.

Develop

Then we present our findings, and engage in workshops, and educational sessions with employees.

Maintain

We can deliver ongoing, monthly security & health reports, new training materials, and other content.

We pride ourselves on our ability to understand your IT needs, and provide high-quality assesment, training, and remediation solutions in an extremely cost-effective manner

The Numbers

the real Nitty gritty

10000
reported incidents of cybercrime per month in Australia on average
146
Days on average an attacker resides within a network before detection
18
Victims per second of cybercrime, network, and data theft incidents
142
Dollars is the average cost per confidential record stolen in a breach

Don't let your organization become a victim of cybercrime.

Common Breach Vectors

A small example of big problems

Whether it's the latest network-crippling zero-day, or a sophisticated social-engineering campaign, we can help you and your employees identify, and prevent a wide variety of attacks. We believe that your staff is your first line of defense when it comes to cybersecurity. Let us help you be prepared.

Ransomware is a type of malicious software that threatens to publish the victim's data or block access to it unless a ransom is paid. More advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.

We can help your employees identify these attempts, and prevent them from harming your organization.

  

Phishing is the process of sending specially forged communications, and by disguising as a trustworthy entity. It is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate one and the only difference is the URL of the website in concern.

Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that're infected with malware.

We provide training and education on how to spot, and intercept such attempts, reporting best-practices, and what telltale signs to look for.

Data theft is a growing phenomenon primarily caused access to technology such as database servers, desktop computers and a growing list of hand-held devices capable of storing digital information, such as USB flash drives, phones and even digital cameras.

Since employees often spend a considerable amount of time developing contacts and confidential and copyrighted information for the company they work for, they may feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment.

We can help educate your staff on the risks, and ethical issues regarding the handling sensitive data.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.

Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware. We can help you detect, and identify keyloggers, and teach employees to do the same.

In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

A DoS or DDoS attack is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations.

Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways, though small-to-medium business are frequently targeted as well.

We can help mitigate and block these attacks, stopping attackers dead in their tracks, and letting business resume as normal.

Browser-Attacks are a form of Internet threat related to man-in-the-middle attacks using a proxy trojan, or hook that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.

Attackers are then capable of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

We can help detect unwanted visitors on your network, and in your browsers and help your employees learn to do the same.

 

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

We can teach your employees the risk of connection-manipulation, and mitigation techniques.

59%
Ransomware delivered by email
76%
Organizations are victims of phishing attacks
62%
Data theft happens to small-to-mid businesses
45%
DDoS attacks were more than 10 gigabits
61%
Browser attacks using hooking, or clickjacking
86%
Attacks beginning with an XSS vulnerability

GET IN TOUCH