Penetration Test Archives

Tales From the Road: An External Pen Test Reveals the Dangers of the Dark Web

By: Bethany Kozal 04.16.24

An external penetration testing engagement with a healthcare organization revealed the importance of simple security measures against the darkest of intent. A recent external pen test engagement with a longtime client of ours, a prominent healthcare organization, proved the importance of well-performed reconnaissance and information gathering. A data breach can be devastating, and many individuals’… Read more »

Tales From the Road: How Social Engineering Penetration Testing Proved to be A Fruitful Method of Attack

By: Bethany Kozal 03.28.24

During an engagement with a financial services client, DirectDefense relied upon social engineering (and other tactics) to penetrate their physical offices and wireless networks. Performing a combination of physical and wireless penetration testing is always a unique experience for DirectDefense consultants. From location to business type, our team has experienced and learned a lot over… Read more »

Tales From the Road: The Power of Physical Penetration Testing

By: Bethany Kozal 10.05.23

Is Your Organization’s Physical Security Top-Notch? Having high-level security measures at any organization is a must, especially for large corporations that deal with specific clientele and hold confidential and sensitive information. We know attackers find ways to gain access to corporate networks remotely, but physical access poses even more risk, as attackers can potentially get… Read more »

Tales From the Road: Physical Penetration Testing Breaches Weak Boundaries

By: Bethany Kozal 09.07.23

How Secure Are Your Organization’s Premises? When it comes to entry points into an organization, network security gaps and vulnerabilities aren’t the only concern. Bad actors can choose a more traditional way in – physically walking through the doors. You may have locks, ID badges, cameras, and employee protocols, but the best way to know… Read more »

Detecting Hardware Vulnerabilities with IoT Penetration Testing

By: Bethany Kozal 08.24.23

Welcome to a new series of DirectDefense blog posts about hardware and IoT penetration testing! The goal of this 101 series is to shed light on common hardware I/O interfaces, associated protocols, and the multitude of vulnerabilities that can arise when they are left unprotected. While hardware reconnaissance will be briefly discussed, this particular article… Read more »

Tales From the Road: Oops, We Did it Again! Breaking the Bank During a Red Team Assessment

By: Bethany Kozal 03.07.23

Plus: 10 Tips to Keep Your Organization Out of the Red A financial institution enlisted our services to perform a Red Team assessment – an effective approach to simulate a real-world threat actor attempting to compromise an organization from the outside in. Using an email phishing campaign combined with a physical breach, DirectDefense consultants uncovered… Read more »

Part 3: I Hope This Vishing Call Finds You Well…

By: Bruno Oliveira 12.06.22

How We Used A Vishing Test to Attack an Internal Corporate Network We are back with the third and final write-up of our social engineering blog series to add to previous posts about an email phishing campaign and target phishing scenarios using social media. This post is all about a vishing call! Vishing or Voice… Read more »

Compromising a Backup System by iSCSI Interface During a Routine Penetration Test

By: Bruno Oliveira 10.13.22

Hear from a DirectDefense consultant about an internal network penetration test that involved an iSCSI exploitation.

The Emotional Toll of Incident Response Events

By: Jim Broome 03.31.22

Navigating the 5 Stages of Grief Following an Incident Response Event Are you a victim of a data breach and are you feeling signs of grief? You’re not alone. As an incident response professional, I have met many different types of corporate staff, from the IT staff to the C-suite. Unfortunately, it was probably on… Read more »

Tales from the Road: The Anatomy of Password Attacks

By: Bethany Kozal 03.16.22

It’s time to rethink your password policy to prevent modern password attacks. If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more… Read more »

DirectDefense Blog

Tag: Penetration Test