
About CompSec Direct

CompSec Direct is a C4ISR firm specialized in CyberSecurity. SDVOSB, QMCS & MBE certified firm of former DOD network operators.

Wassenaar Arrangement 2013 Plenary Agreements Implementation; Intrusion and Surveillance Items

2022-06-13T18:34:26-04:00 | July 20th, 2015 | Categories: Cyber, Laws, Legislation

CompSec Direct and other individuals and companies spoke out against the 2013 Wassenaar Arrangement. We hope our petitions for further revisions are heard. We have included a copy of the document submitted to http://www.regulations.gov/#!docketDetail;D=BIS-2015-0011: Wassenaar Agreement CompSecDirect. We want to thank everyone who submitted and stood up for freedom of speech against the Wassenaar Arrangement 2013.


Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks – ArsTechnica

2022-06-15T01:26:03-04:00 | June 13th, 2015 | Categories: Breach, Hacking, Reports

Excellent report by Kaspersky that unmasks a breach inside their corporate infrastructure: Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks


Bsides PR 2015 – Fun with Tor : How anonymity services complicate actor attribution CompSec Direct

2022-06-13T18:35:49-04:00 | May 29th, 2015 | Categories: Attribution, Defensive Methodology, Demo, Hacking, Tor

Hello from Puerto Rico. Here are our slides from Jose Fernandez’s talk on Tor and attribution. We are very excited to have participated in BSides PR 2015, and look forward to speaking again in the future. By the time we got to the beach, the Internet is hopefully in a slightly better state than we left [...]


BSides Charm 2015 – Mass Hunting and Exploitation with PowerShell Slides CompSec Direct

2022-06-13T18:36:39-04:00 | April 12th, 2015 | Categories: Cyber, Defensive Methodology, Demo, Hunting, Powershell

Hello everyone, here are the slides from our presentation at BSides Charm 2015. We look forward to coming back next year for another excellent community-driven event. Mass Hunting with Powershell


Pen-testing Guidelines posted from PCI-DSS

2022-06-15T01:24:07-04:00 | April 4th, 2015 | Categories: Pen-testing, Reports

PCI-DSS recently released a revised document that covers pen-testing requirements for merchants and security providers. The document does a good job of comparing pen-testing with vulnerability assessments. If your company recently had a pen-test or vulnerability assessment done that did not cover all of these areas and more, then call us and compare. Here is a [...]


Cybergeddon: Why the Internet could be the next “failed state” -ArsTechnica

2022-06-15T01:25:09-04:00 | February 26th, 2015 | Categories: Cyber, Hacking

Excellent article by Sean Gallagher from ArsTechnica. It truly captures the essence of how our world is likely headed into an unfortunate collision with technology. http://arstechnica.com/information-technology/2015/02/fear-in-the-digital-city-why-the-internet-has-never-been-more-dangerous/1/


11 Signs Someone Is Lying To You – Business Insider

2022-06-15T01:23:08-04:00 | February 23rd, 2015 | Categories: Social Engineering

Awesome post from Business Insider’s Vivian Giang. If you are into Social Engineering, lying in person is perhaps one of the best ways to accomplish either Corporate Espionage or Penetration Tests. Here are 11 indicators that you should be on the lookout for, or conscious not to do. http://www.businessinsider.com/11-signs-someone-is-lying-2014-4?op=1


Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall

2022-06-15T01:21:25-04:00 | February 23rd, 2015 | Categories: Firewall

This link by Richard Porter provides a quick link to IPs you can easily blacklist with any iptables or netfilter firewall. Ultimately, it provides a quick list of Tor nodes, known spammers and compromised hosts that any NOC/SOC would be interested in blocking. https://isc.sans.edu/diary/Subscribing+to+the+DShield+Top+20+on+a+Palo+Alto+Networks+Firewall/19365


How to exploit Domain Controllers with MS14-068 / From Zero 2 Hero

2022-06-13T18:39:44-04:00 | December 7th, 2014 | Categories: Demo, Hacking

Hello! This is jfer from CompSec Direct. I would like to show you how to leverage the new Kerberos exploit against Windows domain controllers called MS14-068. This vulnerability allows a user with domain credentials to forge a Kerberos ticket and receive domain admin privileges via the forged ticket. I want to thank Sylvain Monné aka Bidord [...]


CSO – Survey shows the cost of security breaches is on the rise

2022-06-15T01:19:50-04:00 | October 22nd, 2014 | Categories: Breach, Hacking

Excellent post associating the attributed costs of security breaches over time.
