@TantoSecurity profile picture
Tanto Security @TantoSecurity

Tanto Security is a leading provider of advanced offensive cyber security services to leading organisations across Australia, New Zealand and North America.

Joined June 2021
  • Tweets 208
  • Following 89
  • Followers 439
37 Photos and videos
Our brilliant and talented Sam picked up a 4G industrial router from a second hand store, and as they say in the biz, what he found will shock you. Check out the blow-by-blow as he wound up logged in to a "fake" root account. Full dets over on the blog: tantosec.com/blog/2026/04/ro…

A Route to Root in a 4G Industrial Router

A journey into the USR-G806AU 4G LTE industrial router. From fake root accounts to real and undocumented root accounts, and the discovery of hardcoded credentials that expose devices to remote...

tantosec.com
1
3
86
🔥ℝ𝕖𝕒𝕕𝕪 𝕥𝕠 𝕓𝕣𝕖𝕒𝕜 𝕥𝕙𝕖 𝕤𝕥𝕒𝕔𝕜 𝕒𝕟𝕕 𝕡𝕨𝕟 𝕥𝕙𝕖 𝕙𝕖𝕒𝕡? Corelan Stack (Feb 3-6) Heap (Feb 9-12) in Melbourne 🇦🇺 — the ultimate exploit dev combo, back to back 💥 Do both = earn your shot at CCED 😈 Seats 👉 bit.ly/corelan-training  💛 Sharing = caring
0:16
1
4
897
Are you going to be in or around Wellington on the 7th-8th November? Are you a student or currently unwaged? TantoSec wants to get you to Kawaiicon❤️ We have tickets to give away. They cover entry to the con only. Travel & accom aren't included. Send us a DM if you can make it😎
2
3
290
Tanto Security retweeted
Black Lantern Security (BLSOPS)@BlackLanternLLC
9 Oct 2025
🚨BBOT Security Advisory🚨 4 fresh CVEs (2 CRITICAL RCE) can give a clever defender RCE on your attack box if you’re on BBOT <2.7.0. Hat tip to @justinsteven of @TantoSecurity for the catch. 🙌 Details 👉BLS Blog blog.blacklanternsecurity.co… #infosec #CVE

BBOT Security Advisory - gitdumper, unarchive

BBOT Gets Its First CVEs

blog.blacklanternsecurity.com
4
7
625
Tomorrow at @AISA_National CyberCon in Melbourne 👀
0:34
2
96
Tanto Security ❤️ @DownUnderCTF - and when they asked us if we could do a pentest of their new brand new CTF scoreboard we knew we had to say yes. With their permission we are proud to release the full pentest report today! 👇
1
4
9
889
more replies
@DownUnderCTF have published their annual infra writeup at downunderctf.com/blog/2025/i… and today's an extra special day, because they're open sourcing their scoreboard, noCTF! 🎉 we think it's pretty dang good (and probably pretty secure)

DownUnderCTF

The Largest CTF Down Under!

downunderctf.com
1
3
169
We think @DownUnderCTF does incredible work, and Tanto Security is proud to have been a sponsor since 2023. Thank you friends for letting us pentest your new scoreboard, and we'll see you for DownUnderCTF 7 in 2026 🫡
3
137
🚆🚄🚅🚉🛤️🚃🚂 Training Alert! We are partnering with @corelanc0d3r to bring his amazing exploit dev workshop to Melbourne for the first time. Want to take your exploit dev to the next level? Check out events.humanitix.com/corelan… Early Bird Discounts if you get in before October 1

Corelan: Stack based exploit development / Heap exploitation masterclass

Taught by Peter “corelanc0d3r” Van Eeckhoutte (Corelan), in partnership with Tanto Security, we bring you 2 of the most sought-after exploit development courses

events.humanitix.com
5
6
1,234
Always happy to be back supporting Australia's greatest HackerCon 🥷
BSidesCanberra@BSidesCbr
13 Aug 2025
A big thank you to Silver sponsor & long-time friend, @TantoSecurity. They’re back for their third year supporting BSides Canberra and the community, and have also contributed accepted talks to this year’s conference. More at: tantosec.com
1
6
326
Our Technical Director and co-founder @marcioalm will be at the Melbourne AppSec & DevSecOps Summit next week! He'll be pondering the changing nature of software assurance alongside @jksdua and friends of TantoSec @volvent and @pamoshea
1
2
5
416
Tickets are free for practicing professionals. Come along and learn yourself an AppSec! clutchevents.co/events/melbo…

Melbourne AppSec & DevSecOps Summit 2025 | Clutch Events

Join us in August to strengthen your development process with cutting-edge security practices. Connect with experts, explore automation, secure containers, and gain practical insights through...

clutchevents.co
95
It's blog post day! 🎉 Our email whisperer Ben Wilson has distilled his Outlook email spoofing journey from @BSidesCbr 2024 into a terrific post, walking you through the process of exploring niche email tricks that bypass anti-spoofing controls 👇
0:58
2
4
5
696
He ends up delivering a perfectly spoofed email, indistinguishable from one that would have been sent from within the victim organisation. Some of the tricks have been patched 🥳 some tricks haven't 👀 so grab a cup of tea and get busy reading 😁 tantosec.com/blog/2025/08/mo…

A Modern Approach to Outlook Email Spoofing

A detailed walkthrough of how to bypass modern Outlook email protections by exploiting SMTP header parsing.

tantosec.com
3
111
Come check out @an1msh_ talk at BSides CBR in September.
BSidesCanberra@BSidesCbr
4 Aug 2025
"Navigating Bug Bounties: From NAs to P1s" Animesh Acharya shares the real story behind the stats, the quiet lessons between frustration and breakthrough. For anyone stuck, starting out, or seeking practical tips to level up their bug bounty game. cfp.bsidescbr.com.au/bsides-…
1
4
286
The Melbourne TantoSec crew got outside and touched some grass 🙌
1:07
1
4
256
Tanto Security retweeted
DownUnderCTF@DownUnderCTF
23 Jul 2025
Swinging from the treetops with a mighty roar of thanks to our sponsors — @googlecloud, @TantoSecurity, @3xploit5ecurit7, REA Security, @TrenchantARC, Mantel Group, @Division5io, @VolkisAU, asontu & @PentesterLab! You made this wild adventure unforgettable! 🦁🌴🎉
1
3
8
501
0:20
3
4
626
2 days to DUCTF. Registrations are open! Get your team together and see what the team have cooked up
DownUnderCTF@DownUnderCTF
16 Jul 2025
Less than 2 days to go! The clock never stops! ⌛ Registrations are now open at: 2025.duc.tf Welcoming all skill levels! We can’t wait to show you what the team has cooked up this year! 🧑‍🍳
2
190
Load more