Part 1: Get Inside the Heads of the DirectDefense Team as We Launched an Attack on a Client’s System to Bypass Passwords and Gain Access to “Protected” Critical Data
This post is the first in a 2-part series addressing the need for strong passwords across all industries to adequately protect important company and user data.…
Part 2: Get Rid of Weak Passwords like Winter2020 and Password1 – Our Attack into One Company’s Database Highlights the Risk of Poor Passwords
This post is the second in our 2-part series addressing the need for strong passwords across all industries to adequately protect critical information. In a recent client engagement, we set out…
Assessing the Cost of Security Vulnerabilities During a Pandemic Year
As everyone is aware, the pandemic of 2020 made conducting business, even at a basic level, challenging. Organizations were faced with managing their existing security vulnerabilities, in addition to adapting their information security to the “new normal”. In March, companies across the U.S. completed a…
The necessity of the validation and sanitation of URLs for client-side work.
As an application pentester, my life is relatively free of conflict. I lack the on-court physical conflict of a professional athlete battling her hated rivals, taunting them on various social media accounts, keeping up her stats, negotiating ever larger contracts with the team…
Overwhelmed by Azure Security Center? We can help.
Azure Security Center can help identify and remediate vulnerabilities on your cloud resources that might go unnoticed. Security Center provides a unified security management system that can provide security insights, detect vulnerabilities and best practice deficiencies, as well as protect against threats. But as your environment grows,…
Think it’s twisted to use sick children to lure unsuspecting people to provide their credit card information to donate? You bet! Think tactics like this are beyond the schemes of an attacker who will go to any length to steal sensitive data? Never.
How one “hotel guest” gained access to the entire network from a network switch found inside their linen closet during a physical penetration test.
The use of Multi-Factor Authentication (MFA) has greatly increased in recent years, and it’s easy to see why. In October 2019, Microsoft stated, “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.” While the veracity and context of that statistic should probably be taken with…
How we got into a heavily guarded research facility and took ownership of the network during a physical pen test.
You would think that a business whose business is defense intelligence and cyber security would have an impenetrable network, right? We recently conducted a penetration test for a client that proved how simple it was…