About Us / Our Team

CompSec Direct is a C4ISR firm specialized in Information/Cyber Security. SDVOB & MBE certified company comprised of former network operators from different sectors of the federal government. We are a Maryland CATS+ master contract holder and are looking for new business partnerships to pursue new opportunities.

706 Crawfords Knoll Ct
Odenton, MD, 21113

White pages are back!: Aeronet Wireless exposes customer info over SNMP
Gallery
White pages are back!: Aeronet Wireless exposes customer info over SNMP

Disclosure, e-Discovery

White pages are back!: Aeronet Wireless exposes customer info over SNMP

Problem CompSec Direct recently became aware of an information disclosure problem affecting Aeronet Wireless customers in Puerto Rico. In short, querying Shodan.io for Aeronet Wireless and SNMP presents publicly accessible information, such as customer names, [...]

By jfer|October 12th, 2018|Categories: Disclosure, e-Discovery|Tags: Data Leak, Disclosure, shodan|Comments Off

Data Mining PDF documents; using data conversion to reduce analysis time
Gallery
Data Mining PDF documents; using data conversion to reduce analysis time

Automation, e-Discovery, Forensic, Scripts, Tesseract

Data Mining PDF documents; using data conversion to reduce analysis time

Problem A month ago, we became aware of a way to harvest legal notifications from a government web-site. Link Here The web-server allows simple requests to be crafted in order to download PDF documents related [...]

By jfer|May 31st, 2017|Categories: Automation, e-Discovery, Forensic, Scripts, Tesseract|Tags: automation, data conversion, data-mining, e-Discovery, pdf, Tesseract|Comments Off

Apache brute: A simple brute force deterrent for Linux
Gallery
Apache brute: A simple brute force deterrent for Linux

Defensive Methodology

Apache brute: A simple brute force deterrent for Linux

We published a simple script to help identify and block possible brute-force attempts on a Linux web-server. The script counts the amount of "bad-actions" an ip has logged in the Apache logs and blocks the [...]

By CompSec Direct|May 31st, 2017|Categories: Defensive Methodology|Tags: apache, brute force, Research, scripts|Comments Off

Judicial branch of Puerto Rico exposes sensitive court documents
Gallery
Judicial branch of Puerto Rico exposes sensitive court documents

Hacking, Laws, Reports

Judicial branch of Puerto Rico exposes sensitive court documents

Problem CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is [...]

By CompSec Direct|May 31st, 2017|Categories: Hacking, Laws, Reports|Tags: Data Leak, Disclosure, Government, Puerto Rico, Rama Judicial, Research|Comments Off

CompSec Direct’s president presents ZigBee research at local security conference at Inner Harbor
Gallery
CompSec Direct’s president presents ZigBee research at local security conference at Inner Harbor

Cyber, Demo, Laws, Reports

CompSec Direct’s president presents ZigBee research at local security conference at Inner Harbor

Our President, Jose Fernandez, presented ZigBee research at Bsides Charm 2017 in Baltimore on April 29, 2017. The presentation, called Frony Fronius: Exploring ZigBee signals from SolarCity covered IoT (Internet of Threats) findings on commercial [...]

By jfer|April 30th, 2017|Categories: Cyber, Demo, Laws, Reports|Tags: Bsides Charm 2017, Digi, Fronius, Internet of Threats, IoT, SolarCity, ZigBee|Comments Off

CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico
Gallery
CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico

Attribution, Contracts, Cyber, Defensive Methodology, Hunting, Incident Response, Reports

CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico

The Center of Investigative News (Centro de Periodismo Investigativo) published an excellent summary of events from the situation the department of Hacienda faced in early March of 2017. Our early involvement in this event helped [...]

By jfer|March 18th, 2017|Categories: Attribution, Contracts, Cyber, Defensive Methodology, Hunting, Incident Response, Reports|Tags: Government, incident response, Malware, Puerto Rico, Reports|Comments Off

12 Next

Hunt-as-a-Service
find out

It started with #wannacry...

How will you respond when the

next threat attacks us?
Capabilities

Windows / Linux / Sun / Unix Penetration and Hardening

Cisco / Juniper Penetration and Hardening

Vulnerability Assessments

Traffic Analysis and Network Penetration

Forensic Analysis from Incident Response

Digital Evidence Collection and eDiscovery

Social Engineering / Physical Penetration Campaigns

Ransomware Protection Services

Security Analyst / SOC Analysts

OCONUS Operations /

Radio Frequency Signal Penetration

Network Analysis /

Sensor Configurations / SIEM Deployments
case studies
Black SPIN: Systematic Penetration Inside Network
Learn what makes this hybrid assessment
learn more
a better solution for you
Insider Advantage
How much damage can employees cause in your workplace?
learn more
FIRM: Forensic Incident Response Management see now
See how FIRM is the right answer to all cyber attack questions
Proactive-Response Services
Learn How You Can Expedite Your Companie's Reaction Time to Any Cyber Breach
learn more
PsyCo. Edge
find out

99% of Cyber-Breaches start with

Social Engineering Attacks-

How Are You Protecting Yourself?
Phishing & Whaling Campaign Threat Models
VARS: Vulnerability Assessments
Find out how VARS can give you the most distinguishable results
learn more & Remediations Service
Software Licensing
Protect yourself from Piracy and Software Liabilities
learn more
Ransomware Protection
Learn How to Protect Yourself from the Most Profitable Ransom Business of 2017
learn more
"$209 million was paid to ransomware criminals in 2016" - CNN