Author: Bethany Kozal

Tales From the Road: An External Pen Test Reveals the Dangers of the Dark Web

An external penetration testing engagement with a healthcare organization revealed the importance of simple security measures against the darkest of intent. A recent external pen test engagement with a longtime client of ours, a prominent healthcare organization, proved the importance of well-performed reconnaissance and information gathering. A data breach can be devastating, and many individuals’… Read more »

Tales From the Road: How Social Engineering Penetration Testing Proved to be A Fruitful Method of Attack

During an engagement with a financial services client, DirectDefense relied upon social engineering (and other tactics) to penetrate their physical offices and wireless networks. Performing a combination of physical and wireless penetration testing is always a unique experience for DirectDefense consultants. From location to business type, our team has experienced and learned a lot over… Read more »

A person holding a Google Chromecast remote and pointing it to a TV screen.

We Uncovered a Chain of Chromecast Vulnerabilities – Here’s Why It Matters.

What We Did, and What You Should Know Before Installing a Custom OS A DirectDefense security researcher, Nolen Johnson, joined two other researchers to exploit three Chromecast vulnerabilities present in the Chromecast with Google TV (CCwGTV) 1080P.  The team developed a chain of three exploits that ultimately allowed an individual to run a custom OS/unsigned… Read more »

Tales From the Road: The Fortifying Abilities of an In-Depth Web Application Security Assessment

Internal app assessments, while helpful, won’t reveal all of the vulnerabilities weakening your security. Web applications, or web apps, are a common and useful way for companies to interact with both employees and customers. Without adequate assessment, however, security risks thrive, leaving the door open for bad actors to manipulate the systems and cause serious… Read more »

Tales From the Road: OT Security Assessment of Water Utility Illuminates the Path for Widespread Industry Improvement

Our recent OT security assessment at a private water utility illustrates how no industry is safe from security threats. Regardless of sector, all industries, from education, to finance, to water treatment, are susceptible to bad actors taking advantage of their internally-overlooked vulnerabilities. While water utilities have historically lagged behind other industries in OT security, the… Read more »

Tales From the Road: The Power of Physical Penetration Testing

Is Your Organization’s Physical Security Top-Notch? Having high-level security measures at any organization is a must, especially for large corporations that deal with specific clientele and hold confidential and sensitive information. We know attackers find ways to gain access to corporate networks remotely, but physical access poses even more risk, as attackers can potentially get… Read more »