You may recall that last year we were able to compromise a major corporate network during a physical penetration test by gaining access to the building under the guise of someone interviewing for a landscaping job. Once inside – due to a lack of network segmentation and other controls – we were able to access… Read more »
How We Put One Client’s Web App Security to the Ultimate Test Did you know that web applications have become the #1 target for the exploitation of vulnerabilities? Check out these alarming stats: Researchers found around 70 types of weaknesses in web applications. (Source: PT Security) 46% of web applications have critical vulnerabilities. (Acunetix’s report… Read more »
If you don’t want to issue the dreaded boil-water advisory then make sure your wireless network is hacker- proof. How our team was able to drive up to a municipal water utility, join the wireless SCADA network and gain the access needed to do some major damage to the water supply – all in 10… Read more »
Part 1: Get Inside the Heads of the DirectDefense Team as We Launched an Attack on a Client’s System to Bypass Passwords and Gain Access to “Protected” Critical Data This post is the first in a 2-part series addressing the need for strong passwords across all industries to adequately protect important company and user data.… Read more »
Part 2: Get Rid of Weak Passwords like Winter2020 and Password1 – Our Attack into One Company’s Database Highlights the Risk of Poor Passwords This post is the second in our 2-part series addressing the need for strong passwords across all industries to adequately protect critical information. In a recent client engagement, we set out… Read more »
Think it’s twisted to use sick children to lure unsuspecting people to provide their credit card information to donate? You bet! Think tactics like this are beyond the schemes of an attacker who will go to any length to steal sensitive data? Never.
How one “hotel guest” gained access to the entire network from a network switch found inside their linen closet during a physical penetration test.
How we got into a heavily guarded research facility and took ownership of the network during a physical pen test. You would think that a business whose business is defense intelligence and cyber security would have an impenetrable network, right? We recently conducted a penetration test for a client that proved how simple it was… Read more »
Tips for a fast recovery after a ransomware attack, and how to mitigate the impact of such an attack with improved data backup.
How We Compromised a Major Corporate Network During a Physical Pen Test Here’s a “pro tip” for any company out there using armed guards to protect their facility: If you’re not properly segmenting your network, those armed guards can’t do anything to stop an attacker from compromising your company’s private data. We recently conducted a… Read more »