Hacking

Breach Village Capture the Flag and Hack the Case

April 15th, 2025 (updated 2025-04-29) | Categories: Breach, Creative, Cyber, Defensive Methodology, Demo, Events, Hacking, phishing, Training

CompSec Direct ran Breach Village during a local BSides conference. "We wanted Breach Village to showcase real problems and not the made-up scenarios people see in Capture the Flag events. Realism and modern problems in cyber security are difficult to showcase into a fun learning environment," said Jose Fernandez. Breach Village used our Kleared4 cyber range [...]


Using Containers to Analyze Malware at Scale workshops

August 20th, 2024 (updated 2025-04-29) | Categories: AV Bypass, Containers, Cyber, Defensive Methodology, Events, Hacking, Training

Our president taught over 200 participants at six cyber security focused conferences in a full-day workshop. Participants used Kleared4, our US-made and hosted cyber range, to analyze malware samples in a safe environment. "The best part about our range is that we provide all users a way to use real-world threats in [...]


My CPAP has a recall; let’s open it instead!

August 12th, 2023 (updated 2023-08-13) | Categories: Demo, firmware, Forensic, Hacking, Medical, Videos

"If you or a loved one has ever used a CPAP device..." Our President, Jose Fernandez, gave a medical device presentation at BioHacking Village during DefCon 31. This presentation focused on bringing awareness to privacy issues related to CPAP devices, how to passively identify some CPAP devices, and follow-on work for exploit-related research for [...]


Ransomware: Hacienda of Puerto Rico

June 21st, 2021 (updated 2023-04-15) | Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Firewall, Forensic, Hacking, Incident Response, Reports


Kleared4 closed-operation fly-away edge kit

June 7th, 2021 (updated 2022-06-14) | Categories: Automation, Cyber, Defensive Methodology, Design, Forensic, Hacking, Hunting, Incident Response, Networking


CTF-Pasteables

October 16th, 2019 (updated 2022-06-13) | Categories: Cyber, Hacking, Pen-testing, Powershell, Scripts, Tor

“Typing Kills”; even if you do not agree with this, it’s true. Operator error grows the more you type. It’s akin to “measure twice, cut once”. In Capture the Flag events (CTFs), we often redo the same methodology and the only things we change are network variables and usernames; the syntax remains constant. Over the years, [...]


Case 1

August 27th, 2019 (updated 2022-06-15) | Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Forensic, Hacking, Hunting, Incident Response, Laws, Reports

Case 1. If you like the case study, hit us up and let us know. Take care. Malware Analysis on Hybrid-Analysis. Download: case1


Judicial branch of Puerto Rico exposes sensitive court documents

May 31st, 2017 (updated 2022-06-15) | Categories: Hacking, Laws, Reports

Problem: CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is provided to attorneys and clients in order to view sensitive legal documents. Manipulating the ID string with simple math, similar to the overturned [...]


Forcepoint 2015 Threat Report

February 15th, 2016 (updated 2022-06-15) | Categories: Attribution, Cyber, Defensive Methodology, Forensic, Hacking, Hunting, Pen-testing, Reports, Tor

An excellent publication from Forcepoint that covers CnC malware, malicious insiders and attribution. Unlike other threat reports, this report covers multiple human factors that are often neglected in technical reports. In some cases, human error and predisposition to reuse malware have led the researchers to determine a high probability of configuration reuse, which leads to easier detection of [...]


Why going after wp-config is a quick way to get banned

January 15th, 2016 (updated 2022-06-15) | Categories: Attribution, Defensive Methodology, Hacking, Reports, Wordpress

The first is actually more commonplace. The second assumes the admin that maintains WordPress leaves a backup or older version of the file readable by any visitor that happens to “guess” a filename. In the past, CompSec Direct has been successful employing both techniques for customers during security audits; however, the second leaves a 404 [...]
