Taking on the “Haters”: Pentesting User Session Vulnerabilities
08.31.20In this post about pentesting user session vulnerabilities, we discuss the necessity of the validation and sanitation of URLs.
08.31.2008.31.2008.31.20
I’ve Got 4658 Problems, and All of Them Are in Azure Security Center
07.28.20Azure Security Center can identify and fix vulnerabilities on your cloud resources, but if you’re having issues, we can help.
Tales From the Road: Never Underestimate the Twisted Tactics Used in a Spear Phishing Campaign
07.10.20Think it’s twisted to use sick children to lure unsuspecting people to provide their credit card information to donate? You bet! Think tactics like this are beyond the schemes of an attacker who will go to any length to steal sensitive data? Never.
Tales From the Road: It’s a Physical Penetration Test – Do You Know Where Your Network Is?
07.09.20How one “hotel guest” gained access to the entire network from a network switch found inside their linen closet during a physical penetration test.
When Multi-Factor Authentication Isn’t Enough – Bypassing MFA via Phishing
07.06.20Having multi-factor authentication is great – but it is only one piece of the security puzzle and won’t work completely on its own.
Tales from the Road: How the “Copier Repair Guy” Owned Your Network During a Physical Pen Test
06.30.20Posing as a copier repair guy, our consultant managed to get inside a company’s network during a physical pen test.
How Your Red Team “HID” in Your Readers – ESPKey Attacks
06.16.20DirectDefense performs Red Team engagements for its clients as a standard service. During many physical Red Team engagements, we are met with physical access control systems that use RFID or NFC to provide authorized users access to certain areas of buildings. These systems are often used to control entry into a building, or control access… Read more »
Tales From The Road: Keeping a Business Operational After a Ransomware Attack
05.19.20Tips for a fast recovery after a ransomware attack, and how to mitigate the impact of such an attack with improved data backup.
Tales From The Road: How the landscaper stole all your data
04.22.20How We Compromised a Major Corporate Network During a Physical Pen Test Here’s a “pro tip” for any company out there using armed guards to protect their facility: If you’re not properly segmenting your network, those armed guards can’t do anything to stop an attacker from compromising your company’s private data. We recently conducted a… Read more »
Our Commitment to You During the Coronavirus
03.19.20Notice to Our Customers While organizations around the world are reorganizing their workforces to handle the current health issue, I’d like to take this moment to reassure you that we at DirectDefense are well prepared to facilitate the services you count on us to provide for you. Unlike most industries that maintain a collective work… Read more »
