Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
01.16.23What We Can Learn From an Examination of the Misapplication of Cryptography In this post, I present my thoughts and learnings from a research paper focused on cryptography use cases demonstrating misapplication. The authors undertook a study building on some previous work by other authors, going further to study the prevalence of false positives in… Read more »
01.12.23A Deep Dive into ThirdEye and What Researchers Found In this post, I present my thoughts and learnings from a research paper about ThirdEye, an automated Android application testing tool that was created by the paper’s authors. While this tool does not appear to have been released to the public at the time of publication,… Read more »
01.11.23Apex Labs Dissects a 4-Part Study on Privacy and Security Issues in Electronics Repair Is there data snooping by electronics technicians when we bring our devices in for repair? The researchers in this paper claim to have conducted the first-ever comprehensive study to understand the state of privacy in the electronics repair services industry. While… Read more »
12.12.22What We Can Expect in 2023 Based on the Past Year’s Threat Landscape As we gear up for the holidays and new year, it is that time of the year again to review this year’s security-related events and examine the themes for future security challenges we can expect in the coming year that may affect… Read more »
12.06.22How We Used A Vishing Test to Attack an Internal Corporate Network We are back with the third and final write-up of our social engineering blog series to add to previous posts about an email phishing campaign and target phishing scenarios using social media. This post is all about a vishing call! Vishing or Voice… Read more »
10.13.22Hear from a DirectDefense consultant about an internal network penetration test that involved an iSCSI exploitation.
10.06.22DirectDefense conducted cyber penetration tests for a municipality and found some significant gaps within the SCADA network.
09.21.22Breaking Down an Email Phishing Campaign Based on Relationships We are back, with a new blog in our social engineering series – all about target phishing. In my previous post, we discussed a phishing campaign engagement where an email is sent to multiple targets, and the attackers wait for replies. Target phishing, however, depends more… Read more »
08.30.22Learn the Tactics Savvy Attackers Use to Dodge Anti-Spam Protection and Infiltrate Networks Social engineering attacks are commonly used in red teaming simulations and breaches. While many companies are reducing their web and network attack surfaces, most employees – if not every employee – has one or more of the following communication surfaces that are… Read more »
08.17.22How We Were Able to Alter API Settings that Control Energy Production During a recent security assessment of an Application Programming Interface (API) that dynamically manages the energy resources for a large energy utility and allows external client devices to communicate with end devices that sit behind the API server, DirectDefense was able to gain… Read more »
