Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
09.22.20The Complexities Created by Using JavaScript Object Notation to Transfer Data Among the web application vulnerability tests that we perform at DirectDefense is an application security assessment for CSRF. CSRF, or Cross-Site Request Forgery, is an attack that takes advantage of the predictability of requests and browsers’ automatic submission of session cookies to perform unintended… Read more »
08.31.20In this post about pentesting user session vulnerabilities, we discuss the necessity of the validation and sanitation of URLs.
07.28.20Azure Security Center can identify and fix vulnerabilities on your cloud resources, but if you’re having issues, we can help.
07.10.20Think it’s twisted to use sick children to lure unsuspecting people to provide their credit card information to donate? You bet! Think tactics like this are beyond the schemes of an attacker who will go to any length to steal sensitive data? Never.
07.09.20How one “hotel guest” gained access to the entire network from a network switch found inside their linen closet during a physical penetration test.
07.06.20Having multi-factor authentication is great – but it is only one piece of the security puzzle and won’t work completely on its own.
06.30.20Posing as a copier repair guy, our consultant managed to get inside a company’s network during a physical pen test.
06.16.20DirectDefense performs Red Team engagements for its clients as a standard service. During many physical Red Team engagements, we are met with physical access control systems that use RFID or NFC to provide authorized users access to certain areas of buildings. These systems are often used to control entry into a building, or control access… Read more »
05.19.20Tips for a fast recovery after a ransomware attack, and how to mitigate the impact of such an attack with improved data backup.
04.22.20How We Compromised a Major Corporate Network During a Physical Pen Test Here’s a “pro tip” for any company out there using armed guards to protect their facility: If you’re not properly segmenting your network, those armed guards can’t do anything to stop an attacker from compromising your company’s private data. We recently conducted a… Read more »
