The necessity of the validation and sanitization of URLs for client-side work. As an application pentester, my life is relatively free of conflict. I lack the on-court physical conflict of a professional athlete battling her hated rivals, taunting them on various social media accounts, keeping up her stats, negotiating ever larger contracts with the team…
Overwhelmed by Azure Security Center? We can help. Azure Security Center can help identify and remediate vulnerabilities on your cloud resources that might go unnoticed. Security Center provides a unified security management system that can provide security insights, detect vulnerabilities and best practice deficiencies, as well as protect against threats. But as your environment grows,…
Think it’s twisted to use sick children to lure unsuspecting people to provide their credit card information to donate? You bet! Think tactics like this are beyond the schemes of an attacker who will go to any length to steal sensitive data? Never.
How one “hotel guest” gained access to the entire network from a network switch found inside their linen closet during a physical penetration test.
The use of Multi-Factor Authentication (MFA) has greatly increased in recent years, and it’s easy to see why. In October 2019, Microsoft stated, “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.” While the veracity and context of that statistic should probably be taken with…
How we got into a heavily guarded research facility and took ownership of the network during a physical pen test. You would think that a business whose business is defense intelligence and cyber security would have an impenetrable network, right? We recently conducted a penetration test for a client that proved how simple it was…
DirectDefense performs Red Team engagements for its clients as a standard service. During many physical Red Team engagements, we are met with physical access control systems that use RFID or NFC to provide authorized users access to certain areas of buildings. These systems are often used to control entry into a building, or control access…
Tips for a fast recovery after a ransomware attack, and how to mitigate the impact of such an attack with improved data backup.
How We Compromised a Major Corporate Network During a Physical Pen Test. Here’s a “pro tip” for any company out there using armed guards to protect their facility: If you’re not properly segmenting your network, those armed guards can’t do anything to stop an attacker from compromising your company’s private data. We recently conducted a…