Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
07.10.24Organizations with security maturity can greatly benefit from annual red team assessments to keep up with the ever-evolving cyber threat landscape. Major organizations that hold detailed and private information are prime targets for malicious attackers, regardless of industry. Bad actors will find ways to break through physical and cyber barriers to obtain and sell personal… Read more »
07.01.24Introduction: Implications of These Findings This piece details the development of a chain of two exploits intended to allow an individual to run a custom OS/unsigned code on the Pixel Tablet Dock and utilize that to perform further security-research on the Pixel Tablet itself. The injection vector, as well as the ability to bypass AMLogic (AML)… Read more »
04.16.24An external penetration testing engagement with a healthcare organization revealed the importance of simple security measures against the darkest of intent. A recent external pen test engagement with a longtime client of ours, a prominent healthcare organization, proved the importance of well-performed reconnaissance and information gathering. A data breach can be devastating, and many individuals’… Read more »
03.28.24During an engagement with a financial services client, DirectDefense relied upon social engineering (and other tactics) to penetrate their physical offices and wireless networks. Performing a combination of physical and wireless penetration testing is always a unique experience for DirectDefense consultants. From location to business type, our team has experienced and learned a lot over… Read more »
03.20.24Never underestimate the abilities of people with too much time on their hands and a pension for malicious activity. Hardware and software security assessments are a key component of maintaining the safety, security, and compliance of any device type, almost regardless of the environment in which they are used. But when the environment is a… Read more »
01.22.24What We Did, and What You Should Know Before Installing a Custom OS A DirectDefense security researcher, Nolen Johnson, joined two other researchers to exploit three Chromecast vulnerabilities present in the Chromecast with Google TV (CCwGTV) 1080P. The team developed a chain of three exploits that ultimately allowed an individual to run a custom OS/unsigned… Read more »
01.16.24Internal app assessments, while helpful, won’t reveal all of the vulnerabilities weakening your security. Web applications, or web apps, are a common and useful way for companies to interact with both employees and customers. Without adequate assessment, however, security risks thrive, leaving the door open for bad actors to manipulate the systems and cause serious… Read more »
12.06.23Chromecast with Google TV (1080P) Secure-Boot Bypass Introduction: Implications of These Findings This piece details the development of a chain of three exploits intended to allow an individual to run a custom OS/unsigned code on the Chromecast with Google (CCwGTV) 1080P. Security researchers Jan Altensen, Ray Volpe, and I developed this chain of vulnerabilities as… Read more »
10.05.23Is Your Organization’s Physical Security Top-Notch? Having high-level security measures at any organization is a must, especially for large corporations that deal with specific clientele and hold confidential and sensitive information. We know attackers find ways to gain access to corporate networks remotely, but physical access poses even more risk, as attackers can potentially get… Read more »
09.07.23How Secure Are Your Organization’s Premises? When it comes to entry points into an organization, network security gaps and vulnerabilities aren’t the only concern. Bad actors can choose a more traditional way in – physically walking through the doors. You may have locks, ID badges, cameras, and employee protocols, but the best way to know… Read more »
