Part 1: Protect Your Organization from Social Engineering

Learn the Tactics Savvy Attackers Use to Dodge Anti-Spam Protection and Infiltrate Networks Social engineering attacks are commonly used in red teaming simulations and breaches. While many companies are reducing their web and network attack surfaces, most employees – if not every employee – has one or more of the following communication surfaces that are… Read more »

Tales From the Road: How Secure is Your API?

How We Were Able to Alter API Settings that Control Energy Production During a recent security assessment of an Application Programming Interface (API) that dynamically manages the energy resources for a large energy utility and allows external client devices to communicate with end devices that sit behind the API server, DirectDefense was able to gain… Read more »

Tales From the Road: Who’s in the Driver’s Seat of Your Physical Security?

How we “stole” our client’s Tesla during a physical penetration test. Protecting Private Internal Data Needs to Start with Enacting Strong External Security We talk a lot about how to protect your organization from being the target of an attack to your internal network by creating strong passwords, keeping network hardware under lock and key,… Read more »

Tales From the Road: BESS and SCADA Network Assessment — Is Your MQTT Traffic Secure?

Three areas to secure to ensure your critical infrastructure isn’t vulnerable to a Machine-in-the-Middle (MitM) attack. A multinational corporation in the energy industry enlisted our services to perform a comprehensive security assessment of their XRT Merging Unit. The merging unit sits on the power grid and is responsible for taking battery data from the company’s… Read more »

The Emotional Toll of Incident Response Events

Navigating the 5 Stages of Grief Following an Incident Response Event Are you a victim of a data breach and are you feeling signs of grief? You’re not alone. As an incident response professional, I have met many different types of corporate staff, from the IT staff to the C-suite. Unfortunately, it was probably on… Read more »

birds-eye view of a hacker on a laptop in the dark

Assessing Microsoft’s Social Engineering Attack

Breaking Down Microsoft’s Response to the Lapsus$ Gang’s Social Engineering Compromise Microsoft has done an excellent job in explaining the social engineering breach that originated against them from the Lapsus$ group. In their recent blog post, they detail the Lapsus$ attack and how access was obtained, as well as provide some decent recommendations to enhance… Read more »