Is Your Organization’s Physical Security Top-Notch?
Having high-level security measures at any organization is a must, especially for large corporations that deal with specific clientele and hold confidential and sensitive information. We know attackers find ways to gain access to corporate networks remotely, but physical access poses even more risk, as attackers can potentially get…
How Secure Are Your Organization’s Premises?
When it comes to entry points into an organization, network security gaps and vulnerabilities aren’t the only concern. Bad actors can choose a more traditional way in – physically walking through the doors. You may have locks, ID badges, cameras, and employee protocols, but the best way to know…
Welcome to a new series of DirectDefense blog posts about hardware and IoT penetration testing! The goal of this 101 series is to shed light on common hardware I/O interfaces, associated protocols, and the multitude of vulnerabilities that can arise when they are left unprotected. While hardware reconnaissance will be briefly discussed, this particular article…
Plus: 10 Tips to Keep Your Organization Out of the Red
A financial institution enlisted our services to perform a Red Team assessment – an effective approach to simulate a real-world threat actor attempting to compromise an organization from the outside in. Using an email phishing campaign combined with a physical breach, DirectDefense consultants uncovered…
How We Used Vishing to Attack an Internal Corporate Network
We are back with the third and final write-up of our social engineering blog series to add to previous posts about an email phishing campaign and target phishing scenarios using social media. This post is all about a vishing call! Vishing or Voice Phishing is…
Hear from a DirectDefense consultant about an internal network penetration test that involved an iSCSI exploitation.
Navigating the 5 Stages of Grief Following an Incident Response Event
Are you a victim of a data breach and are you feeling signs of grief? You’re not alone. As an incident response professional, I have met many different types of corporate staff, from the IT staff to the C-suite. Unfortunately, it was probably on…
It’s time to rethink your password policy to prevent modern password attacks. If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more…
Take two of our team attempting to conduct a data breach at a company that previously let us in as landscaping job candidates. How’d it go this year?