Stealth Cyber’s cover photo
Stealth Cyber

Stealth Cyber

IT Services and IT Consulting

Gold Coast, QLD 1,453 followers

One Breach Can Change Everything. Don't Let It - We find threats before they find you.

About us

One Breach Can Change Everything. Don't Let It. Stealth Cyber is a managed cybersecurity firm built for organisations that can't afford to be breached. We work with SMBs, professional services firms, financial services businesses, and government clients across Australia and globally, delivering proactive protection that goes well beyond what a standard IT provider offers. Most organisations discover a breach long after the damage is done. Attackers move quietly. They harvest credentials, map your environment, and wait. By the time an alert fires, they've already been inside for weeks. We exist to close that window. Our team holds offensive security certifications. We understand how intrusions actually happen because we've studied and simulated them. That background informs everything we do, from how we configure detection rules to how we respond when something hits. What we deliver: AI Security & Engineering AI Management Systems Managed Detection and Response (MDR) Security Operations Centre (SOC) services Essential Eight assessments and remediation Incident response and forensic investigation GRC and compliance advisory Penetration testing and red teaming Security awareness training We operate under the brand Hackers. Defenders. Advisors. because that's genuinely what we are. Not a helpdesk that also sells antivirus. A security firm that thinks like an attacker and defends like one. If your organisation is ready for a straight conversation about where you actually stand, get in touch.

Website
https://www.stealthcyber.io
Industry
IT Services and IT Consulting
Company size
11-50 employees
Headquarters
Gold Coast, QLD
Type
Privately Held

Locations

Employees at Stealth Cyber

Updates

  • We are absolutely pumped to kick off the new FY by welcoming Danielle Kina to Stealth Cyber as our Senior Advisor - Cyber & AI. We are growing fast in our AI services and the demand is only increasing. Dani brings a wealth of experience and knowledge and is going to support this growth. Dani will be based out of our São Paulo office in Brazil - but will be filling a global role and will work with clients across Brazil, the US, and Australia. Welcome to the team Danielle Kina - proud to have you here! Dani will be with the team at Black Hat USA next month, so if you see her around, make sure to say hi - bonus points if you can get her to do the "Danger Dani" pose!

    • No alternative text description for this image
  • In three weeks, thousands of Australian law firms turn into collectors of high-value identity data. Almost none are treating it as the security problem it is. From 1 July, the Tranche 2 AML reforms make law firms providing designated services AUSTRAC reporting entities. To meet your customer due diligence obligations you start collecting and verifying far more sensitive data: identity documents, beneficial ownership, source of funds. Then you hold it for seven years. Law firms are already one of the most targeted sectors in the country, thanks to trust accounts and the value of what sits in your files. Tranche 2 just handed attackers more to aim at, and a longer retention window to find it in. Here is the part the compliance checklists miss. A breach of that data is no longer only a privacy incident. It is a privacy incident and a failure of the AML program that was meant to protect it. One event, two regulators. Writing the program and appointing a compliance officer gets you to the starting line. It does not secure the data. The identity-verification workflow, the retention controls in your Microsoft 365 tenant, who can access client files, and the monitoring that would catch someone before they walk out with seven years of records, that is what decides whether your program survives a real attacker or an AUSTRAC audit. If your firm is in scope, your AML advisors are handling the obligations. Make sure someone is handling the systems they sit on. If you are a law firm and want to know if you have the right protections for whats coming, reach out to our team - contact@stealthcyber.io or drop us a DM.

    • No alternative text description for this image
  • We are delighted to welcome Cellio L. to Stealth Cyber as a Cybersecurity Engineer. Cellio joins us in our Brazil team just in time for us to kick off our discussions about who will win the World Cup! (probably Brazil to be fair). Aside from that, Cellio brings an exceptional skillset in engineering, blue team operations, and is just an all round good human to join our team. We look forward to Cellio jumping in and helping existing clients and creating innovate solutions for our service offerings. Welcome Cellio!!

    • No alternative text description for this image
  • Kat Ho absolutely crushed it today!

    You are as strong as your team, and your team reflects your culture. The Stealth Cyber team attended BSides Gold Coast today to support Kat Ho in her first time presenting. To say we are proud is an understatement, Kat presented on prompt injection and attacking AI and it was an insightful and captivating presentation. We put our people first at SC and we always turn out to support our team. Seeing our team continue to push themselves everyday to learn, grow, and share that knowledge with the industry and each other is inspiring. It's also just always good to get the team together, drink coffee (or strawberry matcha). This team is truly the best i've worked with. If you want to learn more about AI security I encourage you to connect with Kat or the team. Next Stop: Black Hat and Defcon Kat Ho Dana Lucia Mendoza Nasrin Jazayeri

    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image
  • We’re so excited to be there supporting Kat Ho as she presents her first ever conference talk at BSides Gold Coast 👏 Her talk, “Ignore All Previous Instructions: A Love Story,” explores prompt injection attacks, AI social engineering, and the growing security challenges surrounding modern AI systems. Who knew that in 2026, one of the biggest cybersecurity conversations would involve humans socially engineering AI models?

    Last week, I was in the Gold Coast for LawBizCon and loved it so much that I’m already coming back this week… but this time, as a speaker at BSides Gold Coast ✨ This will be my first time speaking at a conference, and I couldn’t be more excited. My talk is called: “Ignore All Previous Instructions: A Love Story.” 💌 I’ll be talking about prompt injection attacks, how AI systems can be socially engineered, and why securing LLMs is becoming one of the biggest challenges in cybersecurity right now. Come say hi! (And yes… that was my balcony view from last week)

    • No alternative text description for this image
  • We’re at LawBizCon 2026 today and tomorrow at QT Hotel Gold Coast and we would love to see you! Swing by our booth for a coffee, grab some stickers and a keychain, and have a chat with our team about what we do. Whether you’re curious about where your firm stands security-wise or just want to know what managed cybersecurity actually looks like for a law firm, we’re happy to walk you through it. We’re also offering free security assessments on the spot and you’ll leave knowing exactly where your biggest exposure is. Come find us. We don’t bite, and the coffee’s good. ☕

    • No alternative text description for this image
  • View organization page for Stealth Cyber

    1,453 followers

    Coffee Coffee Coffee! One of our most successful merch items was our Dark Web Roast custom coffee. So by popular request we have brought it back, with its friend, Data Breach Brew. Available at LawBizCon this week at the Stealth Cyber stand, come see our team, get your free security assessment, then get your fix of of our custome coffee blend. If you can't make the conference, or you're just hanging for that sweet sweet caffeine / need a top up from your last bag, hit us in the DM's!

    • No alternative text description for this image
  • The Canvas breach isn't the story anymore. The phishing wave that's about to hit your inbox is. ShinyHunters claim 3.65 TB of data from Instructure including names, school emails, student IDs, and the contents of private Canvas messages between students and teachers. Roughly 275 million people, ~9,000 schools, ~15,000 institutions. Most coverage is focused on the defacement and the "pay or leak" deadline. That's the loud part. The quiet part is what attackers actually do with this kind of dataset. They now have real student names, real teacher names, real course titles, and the contents of years of internal messages which include grade disputes, accommodation requests, safeguarding conversations, mental health check-ins. That's not a phishing list. That's a script. The next "your assignment grade has been updated" email, the next "Mrs. Patel from student services needs you to verify your account," the next call from "IT helpdesk" about your Canvas login are going to be specific, they're going to reference real things, and they're going to work on people who'd normally spot a generic phishing attempt. If you run a school, university, or any institution that touched Canvas, the work this week isn't waiting for Instructure's forensic report. It's: → Revoke and rotate every API key and OAuth token tied to Canvas integrations → Brief your staff and students that the next wave of scams will reference real classes, real teachers, real assignments → Lock down the helpdesk including phishing-resistant MFA, out-of-band verification on any password or MFA reset request → Block OAuth Device Code flow in Microsoft Entra ID via Conditional Access (this is the vishing pivot ShinyHunters has used against Cisco, Allianz, Wynn Resorts and others) → Set retention policies on Canvas messages going forward because the data you don't store is the data the next group can't leak Our team has put together a full breach report covering the timeline, ShinyHunters' methodology, the technical impact, and detailed remediation guidance for institutions, parents, and students. Head over to the blog post and download the resource if you think its might be helpful, link in the comments. Our DM's are open if you have any questions, need any help, or just want to make sense of everything. Don't pay. Don't panic. Patch the identity layer.

    • No alternative text description for this image
  • Today is World Password Day. We think it should be the last one. Passwords have been the weakest link in security for two decades. Every breach we respond to at Stealth Cyber traces back to a credential somewhere. Phished, stolen by an infostealer, replayed from a session token, or simply guessed. Password managers help. MFA helps. Neither solves the underlying problem: shared secrets typed into browsers were never going to win this fight. Passkeys do solve it. Built on the FIDO2 and WebAuthn standards, passkeys replace the password with a cryptographic key pair. The private key never leaves the user's device. The credential is bound to the legitimate website's origin, so a phishing page literally cannot use it. NIST now classifies passkeys as phishing-resistant authentication. Microsoft, Google, and Apple have all committed to the standard across their platforms. For the SMBs we work with in accounting, legal, healthcare, and local government, this matters. Most credential compromise incidents we see could have been prevented by phishing-resistant authentication on the affected account. Not by a stronger password. Not by SMS one-time codes. By a passkey. Our recommendation to every client this World Password Day: 1. Enable passkeys for Microsoft 365 or Google Workspace admin accounts first 2. Issue hardware security keys (YubiKeys or equivalent) to privileged users 3. Roll passkeys out to all staff for primary sign-in 4. Disable SMS as an MFA fallback wherever possible 5. Use Conditional Access to require phishing-resistant authentication for sensitive resources If you'd like help planning or executing a passkey rollout across your organisation, get in touch. Our team handles the assessment, deployment, and user enablement end to end.

    • No alternative text description for this image
  • We attended the AusCyber 2026 Cyber Awards and walked away incredibly proud of what our Stealth Cyber team has built. Being named a finalist in not one, not two, not three… but FOUR categories is a testament to the hard work and dedication this team brings every single day. A huge congratulations to our CEO Chris McDonald, recognised as a finalist for both Thought Leader of the Year AND Cyber Professional of the Year 👏 We’re also beyond proud to be finalists for Incident Response Team of the Year and Cyber Training Business of the Year. The night was filled with incredible people, great energy, and a reminder of just how much talent exists in this industry. It was great connecting with so many familiar and new faces. Did we take home a trophy? Not this time. But four nominations tells us everything we need to know about where Stealth Cyber is heading. We’re building something real and we’re just getting started ✨

    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image

Similar pages