Don't Get Caught Off Guard
Turn here for the research, cutting-edge attack techniques, and adversarial knowledge that we’re using to enact offensive security strategies. We combine research and expertise to make your organization stronger, more secure, and more resilient.
What DirectDefense Apex Labs is Known For

Application & Network Security
We help protect your applications and network from intrusions, breaches, and other serious threats. By implementing the right rules and configurations for application and network use and accessibility, we provide you with the best overall threat protection.

Research & Consulting
Everything we do is rooted in research – we are constantly learning and developing our knowledge of cutting-edge attack techniques, and sharing our experiences and expertise in specialized hacking through consultations and expert service.

Network Penetration
We use intentional, offensive tactics and techniques to infiltrate your network and identify security vulnerabilities within your applications and systems. We thoroughly evaluate your network and security alerts/responses – or lack thereof.

Red Teams
DirectDefense Apex Labs personnel are authorized to emulate the attack and exploitation capabilities of malicious actors against your organization’s security posture. We aim to improve your security by showing what’s at risk in a real attack.

Attack Simulations & Adversarial Emulations
We conduct simulations and emulations to demonstrate the impact of a successful attack on your overall security posture, as well as show what works for the Blue Teams (the security defenders) in a fully operational environment.

Sophisticated Cyber Intrusions
Our team plays the role of a malicious third party gaining unauthorized access to your organization’s confidential information, core code, and application infrastructures. We will leverage application weaknesses or more sophisticated techniques such as malware, artificial intelligence, or machine learning to identify gaps in your security posture.

Real World Risk Evaluation
Applying our expertise in the real and serious threats facing organizations today and tomorrow, we perform a thorough risk evaluation to identify, assess, and implement key security controls within your network and applications.
Recent Blog Posts
The Pros and Cons of Leveraging Artificial Intelligence for Code Development
Using an AI coding assistant is rapidly becoming an attractive choice for developers. Instead of analyzing your own problem-solving processes and translating them into code, why not draw on the massive body of developed software that has likely solved your problem a hundred times?…

How Safe are Electric Vehicle Charging Mobile Applications from Attack?
This post provides a review of research on mobile EVCS app security and how vulnerable these apps are to attack. I have detailed my take on the research and findings, as well as what we learn from the research on improving security for mobile electric…

Can These Languages Eliminate Memory-Handling Vulnerabilities for Programmers?
Much has been made recently of the memory safety provided by programming languages like Rust and Go. These languages have been designed to eliminate some of the language weaknesses that make it so easy for C and C++ programmers to write vulnerable software. These memory-safe languages are…

How Safe are Radar Sensors from Adversarial Attack?
This post provides a review of research on radar security and how vulnerable a particular type of radar is to adversarial attack. I have detailed my take on the research and findings, as well as what we learn from the research on improving security within radar-based environments.…

What We Can Learn From an Examination of the Misapplication of Cryptography
In this post, I present my thoughts and learnings from a research paper focused on cryptography use cases demonstrating misapplication. The authors undertook a study building on some previous work by other authors, going further to study the prevalence of false positives in…

A Deep Dive into ThirdEye and What Researchers Found
In this post, I present my thoughts and learnings from a research paper about ThirdEye, an automated Android application testing tool that was created by the paper’s authors. While this tool does not appear to have been released to the public at the time of publication,…

Apex Labs Dissects a 4-Part Study on Privacy and Security Issues in Electronics Repair
Is there data snooping by electronics technicians when we bring our devices in for repair? The researchers in this paper claim to have conducted the first-ever comprehensive study to understand the state of privacy in the electronics repair services industry. While…

How We Used Vishing to Attack an Internal Corporate Network
We are back with the third and final write-up of our social engineering blog series to add to previous posts about an email phishing campaign and target phishing scenarios using social media. This post is all about a vishing call! Vishing, or voice phishing, is…

How We Identified a Critical Situation for Our Client
This is the story of a routine internal network penetration test that led to the identification of a critical security issue. As part of the normal process, I was exploring the target IPs to discover services, and I could not find anything interesting. In this type…

How a cybersecurity roadmap can lead you on the road to recovery.
A large municipality had a hunch that their cybersecurity needed to be improved (the fact that they fall prey to the regular business email compromise (BEC) scams and have lost money as a result might have been a dead giveaway), so they hired a…

Breaking Down an Email Phishing Campaign Based on Relationships
We are back, with a new blog in our social engineering series – all about target phishing. In my previous post, we discussed a phishing campaign engagement where an email is sent to multiple targets, and the attackers wait for replies. Target phishing, however, depends more…

Learn the Tactics Savvy Attackers Use to Dodge Anti-Spam Protection and Infiltrate Networks
Social engineering attacks are commonly used in red teaming simulations and breaches. While many companies are reducing their web and network attack surfaces, most employees – if not every employee – have one or more of the following communication surfaces that are…

How We Were Able to Alter API Settings that Control Energy Production
During a recent security assessment of an Application Programming Interface (API) that dynamically manages the energy resources for a large energy utility and allows external client devices to communicate with end devices that sit behind the API server, DirectDefense was able to gain…

How we “stole” our client’s Tesla during a physical penetration test.
Protecting Private Internal Data Needs to Start with Enacting Strong External Security
We talk a lot about how to protect your organization from being the target of an attack on your internal network by creating strong passwords, keeping network hardware under lock and key,…

Three areas to secure to ensure your critical infrastructure isn’t vulnerable to a Machine-in-the-Middle (MitM) attack.
A multinational corporation in the energy industry enlisted our services to perform a comprehensive security assessment of their XRT Merging Unit. The merging unit sits on the power grid and is responsible for taking battery data from the company’s…

Students will learn the fundamentals of DevOps and how DevOps teams can build and deliver secure software. In a time when the drive for technology efficiencies has left security in the dust, organizations focused on developing code are now starting to realize the true importance of what secure DevOps means. DevOps security, or DevSecOps, is…

Could your endpoint security stand up to a ransomware attack?
Endpoint security is one on a long list of protections your organization should have in place to protect against today’s malicious actors – but simply having endpoint security and having effective endpoint security are two very different things. One of our clients, a large financial…

It’s time to rethink your password policy to prevent modern password attacks.
If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more…

What PCI Compliance for Cloud Data Looks Like: Challenges and Maintenance
Moving to the Cloud is not as simple as “Just put it in the Cloud and we won’t have to do PCI.” The Cloud can reduce PCI Scope, but it can also add to the complexity of maintaining PCI compliance. As we will discuss,…

Mobile devices are often one of the most overlooked assets from a security perspective. Many people are under the false assumption that mobile devices “can’t get viruses”, “aren’t important”, or that they can ignore mobile updates, when in fact these devices often store more critical data than people realize, yet statistically are barely more secure…

Mobile apps have become the preferred choice for today’s consumers, with app usage taking up 90% of all mobile uptime – more than the entire browser-based internet as a whole – and it’s easy to see why. Mobile apps provide a better user experience compared to mobile browsers and desktops thanks to the ease of use, speed…

How DirectDefense leveraged the pandemic to exploit remote access security for a large corporate network through an email phishing campaign
While most of the world was busy adapting to the Work from Anywhere #WFA movement that the pandemic suddenly brought on, a certain segment of the population saw a unique opportunity to get into an…

Tips for Writing Safe but Still Helpful OOO Email Messages.
The spirit of the out-of-office autoresponder has never been about email security. Instead, it has traditionally been about providing helpful contact information in the event that a coworker or a customer in need of assistance emails you while you’re away. Simple. But it’s 2021, and…

You may recall that last year we were able to compromise a major corporate network during a physical penetration test by gaining access to the building under the guise of someone interviewing for a landscaping job. Once inside – due to a lack of network segmentation and other controls – we were able to access…

How We Put One Client’s Web App Security to the Ultimate Test
Did you know that web applications have become the #1 target for the exploitation of vulnerabilities? Check out these alarming stats: Researchers found around 70 types of weaknesses in web applications. (Source: PT Security) 46% of web applications have critical vulnerabilities. (Acunetix’s report…

Part 1: Get Inside the Heads of the DirectDefense Team as We Launched an Attack on a Client’s System to Bypass Passwords and Gain Access to “Protected” Critical Data
This post is the first in a 2-part series addressing the need for strong passwords across all industries to adequately protect important company and user data.…

Part 2: Get Rid of Weak Passwords like Winter2020 and Password1 – Our Attack into One Company’s Database Highlights the Risk of Poor Passwords
This post is the second in our 2-part series addressing the need for strong passwords across all industries to adequately protect critical information. In a recent client engagement, we set out…

The necessity of the validation and sanitization of URLs for client-side work.
As an application pentester, my life is relatively free of conflict. I lack the on-court physical conflict of a professional athlete battling her hated rivals, taunting them on various social media accounts, keeping up her stats, negotiating ever larger contracts with the team…

Overwhelmed by Azure Security Center? We can help.
Azure Security Center can help identify and remediate vulnerabilities on your cloud resources that might go unnoticed. Security Center provides a unified security management system that can provide security insights, detect vulnerabilities and best practice deficiencies, as well as protect against threats. But as your environment grows,…

The use of Multi-Factor Authentication (MFA) has greatly increased in recent years, and it’s easy to see why. In October 2019, Microsoft stated, “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.” While the veracity and context of that statistic should probably be taken with…

How we got into a heavily guarded research facility and took ownership of the network during a physical pen test.
You would think that a business whose business is defense intelligence and cyber security would have an impenetrable network, right? We recently conducted a penetration test for a client that proved how simple it was…

DirectDefense performs Red Team engagements for its clients as a standard service. During many physical Red Team engagements, we are met with physical access control systems that use RFID or NFC to provide authorized users access to certain areas of buildings. These systems are often used to control entry into a building, or control access…

During application testing, most SQL injection attacks are mundane. Often, when there is one SQL injection, there are many – and they are easily exploitable with tools like sqlmap. Occasionally, an application is largely protected against SQL injection, but something interesting happens on a test. A tester manually validates a SQL injection vulnerability based on server responses,…

Identify the Common Ways S3 Buckets Can be Misconfigured
According to a 2017 report, 93 percent of organizations are using some form of cloud computing. This increase brings new threats that many organizations’ current security processes may not be equipped to handle. One of these issues is the use of Amazon S3 buckets (AWS S3) with…

Turn Your Software Development Security into a Repeatable Engineering Process
Companies have long viewed application security testing as a black art that’s dependent upon a small number of experts wielding arcane tools to find vulnerabilities and develop exploits. However, as the velocity of software development increases, the old way of running security tests becomes less…

A key aspect of testing mobile applications is the ability to observe and modify network traffic. Learn how to use a router with modified firmware to perform HTTP/HTTPS-based traffic interception.
3 Methods for Intercepting Traffic
1. ARP cache poisoning: Testers can use man-in-the-middle tools such as Bettercap to force mobile device traffic to a proxy…

PCI Scope reduction is a great way to make PCI compliance simpler and to reduce risk. Scope reduction reduces the attack surface area and the number of systems that must be maintained to the PCI standards. “Less is more.” This blog post discusses web page redirects, which are an excellent method to get many systems…

Tokenization techniques are rapidly evolving to address PCI scope reduction efforts and to secure cardholder data from breaches. PCI scope reduction is integral in simplifying PCI compliance and reducing risk overall in the environment. Scope reduction effectively minimizes attack surface area and limits the number of systems that must be assessed to the PCI standards. Regardless…