Tales From the Road: When the City Library Can Access the SCADA Network, It’s Time to Rebuild
10.06.22DirectDefense conducted cyber penetration tests for a municipality and found some significant gaps within the SCADA network.
10.06.2210.06.22Location: Apex
10.06.22
Part 2: Target Phishing — It’s Gotten Personal
09.21.22Breaking Down an Email Phishing Campaign Based on Relationships We are back, with a new blog in our social engineering series – all about target phishing. In my previous post, we discussed a phishing campaign engagement where an email is sent to multiple targets, and the attackers wait for replies. Target phishing, however, depends more… Read more »
Part 1: Protect Your Organization from Social Engineering
08.30.22Learn the Tactics Savvy Attackers Use to Dodge Anti-Spam Protection and Infiltrate Networks Social engineering attacks are commonly used in red teaming simulations and breaches. While many companies are reducing their web and network attack surfaces, most employees – if not every employee – has one or more of the following communication surfaces that are… Read more »
Tales From the Road: How Secure is Your API?
08.17.22How We Were Able to Alter API Settings that Control Energy Production During a recent security assessment of an Application Programming Interface (API) that dynamically manages the energy resources for a large energy utility and allows external client devices to communicate with end devices that sit behind the API server, DirectDefense was able to gain… Read more »
Tales From the Road: Who’s in the Driver’s Seat of Your Physical Security?
07.27.22DirectDefense conducted a physical security test at a utility company and was able to have their run of the business – and a Tesla.
Tales From the Road: BESS and SCADA Network Assessment — Is Your MQTT Traffic Secure?
07.13.22DirectDefense assessed the security of MQTT traffic – the transfer of data to a SCADA system, ultimately controlling critical infrastructure.
Apex Labs – DirectDefense’s Greg Leonard to Instruct SANS Institute Secure DevOps Course
06.01.22Students will learn the fundamentals of DevOps and how DevOps teams can build and deliver secure software. In a time when the drive for technology efficiencies has left security in the dust, organizations focused on developing code are now starting to realize the true importance of what secure DevOps means. DevOps security or DevSecOps is… Read more »
Tales From the Road: What Effective Endpoint Security Looks Like
04.20.22Well-configured endpoint security is critical to protect against a ransomware attack or a security breach, and requires some extra attention.
Tales from the Road: The Anatomy of Password Attacks
03.16.22It’s time to rethink your password policy to prevent modern password attacks. If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more… Read more »
Planning PCI in the Cloud
01.05.22What PCI Compliance for Cloud Data Looks Like: Challenges and Maintenance Moving to the Cloud is not as simple as “Just put it in the Cloud and we won’t have to do PCI.” The Cloud can reduce PCI Scope but it can also add to the complexity of maintaining PCI compliance. As we will discuss,… Read more »
