Category: Tales from the Road

Tales From the Road: An External Pen Test Reveals the Dangers of the Dark Web

An external penetration testing engagement with a healthcare organization revealed the importance of simple security measures against the darkest of intent. A recent external pen test engagement with a longtime client of ours, a prominent healthcare organization, proved the importance of well-performed reconnaissance and information gathering. A data breach can be devastating, and many individuals’… Read more »

Tales From the Road: How Social Engineering Penetration Testing Proved to be A Fruitful Method of Attack

During an engagement with a financial services client, DirectDefense relied upon social engineering (and other tactics) to penetrate their physical offices and wireless networks. Performing a combination of physical and wireless penetration testing is always a unique experience for DirectDefense consultants. From location to business type, our team has experienced and learned a lot over… Read more »

Tales From the Road: The Fortifying Abilities of an In-Depth Web Application Security Assessment

Internal app assessments, while helpful, won’t reveal all of the vulnerabilities weakening your security. Web applications, or web apps, are a common and useful way for companies to interact with both employees and customers. Without adequate assessment, however, security risks thrive, leaving the door open for bad actors to manipulate the systems and cause serious… Read more »

Tales From the Road: OT Security Assessment of Water Utility Illuminates the Path for Widespread Industry Improvement

Our recent OT security assessment at a private water utility illustrates how no industry is safe from security threats. Regardless of sector, all industries, from education, to finance, to water treatment, are susceptible to bad actors taking advantage of their internally-overlooked vulnerabilities. While water utilities have historically lagged behind other industries in OT security, the… Read more »

Tales From the Road: The Power of Physical Penetration Testing

Is Your Organization’s Physical Security Top-Notch? Having high-level security measures at any organization is a must, especially for large corporations that deal with specific clientele and hold confidential and sensitive information. We know attackers find ways to gain access to corporate networks remotely, but physical access poses even more risk, as attackers can potentially get… Read more »

Tales From the Road: What An Enterprise Risk Assessment Looks Like

Has your corporation been keeping up-to-date on the latest security practices? An important one to bring into your security repertoire is an enterprise risk assessment. It’s crucial to regularly conduct enterprise assessments to ensure the effectiveness of your corporation’s security measures. An enterprise risk assessment helps your organization continuously update and measure all security protocols,… Read more »

Tales From the Road: A Cybersecurity Breach is Only A Phone Call Away

How DirectDefense Compromised a Banking Institution’s Help Desk and Member Services Using a Phone Social Engineering Attack + 5 Common Vishing Pitfalls to Avoid

Cyber criminals will stop at nothing to steal personal and confidential information from their target. In recent years, many high-profile attacks have leveraged targeted phone social engineering attacks, known as vishing.… Read more »

Tales From the Road: When it comes to your SCADA Network: Segment. Segment. Segment.

How DirectDefense uncovered weaknesses in a municipality’s SCADA systems and a need for SCADA network segmentation

A large municipality enlisted the services of DirectDefense to perform a Critical Infrastructure Assessment of the SCADA network controlling their water and electric services. During the SCADA assessments, our team identified several weaknesses that demonstrated the need for SCADA… Read more »
