Author: Bethany Kozal

Tales From the Road: How DirectDefense Got a Free, Round Trip Ticket to an Airline’s Internal Network During a Physical Pen Test

By: Bethany Kozal 02.14.23

Using Simulated Security Attacks to Test Network and Physical Vulnerabilities DirectDefense was asked by an airline to conduct security testing through simulated security attacks to help identify vulnerabilities that could put the airline’s data and operations at risk. As part of the engagement, DirectDefense: Spoiler Alert: Through effective tactics, like tailgating, we were able to… Read more »

A New Content Agnostic Solution for Fake News Detection

By: Bethany Kozal 02.07.23

Exploring Fake News Detection as a Service Automated or machine-learning solutions for fake news detection are both necessary and challenging in the fight against misinformation. This post explores the first automatic, content-agnostic approach to fake news detection, FNDaaS, which considers both new and unstudied website features. The Challenges of Fake News Detection Using Current Methods… Read more »

Dissecting a Research Paper on Mobile EVCS App Security

By: Bethany Kozal 01.19.23

How Safe are Electric Vehicle Charging Mobile Applications from Attack? This post provides a review of research on mobile EVCS app security and how vulnerable these apps are from attack. I have detailed my take on the research and findings, as well as what we learn from the research on improving security for mobile electric… Read more »

Tales From the Road: When the City Library Can Access the SCADA Network, It’s Time to Rebuild

By: Bethany Kozal 10.06.22

DirectDefense conducted cyber penetration tests for a municipality and found some significant gaps within the SCADA network.

Tales From the Road: How Secure is Your API?

By: Bethany Kozal 08.17.22

How We Were Able to Alter API Settings that Control Energy Production During a recent security assessment of an Application Programming Interface (API) that dynamically manages the energy resources for a large energy utility and allows external client devices to communicate with end devices that sit behind the API server, DirectDefense was able to gain… Read more »

Tales From the Road: Who’s in the Driver’s Seat of Your Physical Security?

By: Bethany Kozal 07.27.22

DirectDefense conducted a physical security test at a utility company and was able to have their run of the business – and a Tesla.

Tales From the Road: BESS and SCADA Network Assessment — Is Your MQTT Traffic Secure?

By: Bethany Kozal 07.13.22

DirectDefense assessed the security of MQTT traffic – the transfer of data to a SCADA system, ultimately controlling critical infrastructure.

Apex Labs – DirectDefense’s Greg Leonard to Instruct SANS Institute Secure DevOps Course

By: Bethany Kozal 06.01.22

Students will learn the fundamentals of DevOps and how DevOps teams can build and deliver secure software. In a time when the drive for technology efficiencies has left security in the dust, organizations focused on developing code are now starting to realize the true importance of what secure DevOps means. DevOps security or DevSecOps is… Read more »

Tales From the Road: What Effective Endpoint Security Looks Like

By: Bethany Kozal 04.20.22

Well-configured endpoint security is critical to protect against a ransomware attack or a security breach, and requires some extra attention.

Tales From the Road: The Anatomy of Password Attacks

By: Bethany Kozal 03.16.22

It’s time to rethink your password policy to prevent modern password attacks. If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more… Read more »