Reports

Ransomware case study: echoraix

By |2024-08-05T14:49:05-04:00August 5th, 2024|Categories: Attribution, Case Study, Defensive Methodology, Forensic, Reports|Tags: , , |

We are providing our case study on echoraix, a ransomware group that targets network connected storage appliances from QNAP and Synology. Please share this case study with others and contact us for similar case studies, or related protection services. CompSec-Direct-echoraix-report-Apr-6-2024

Comments Off on Ransomware case study: echoraix

Know the players in Cyber: how little we know about the leaders of our cyber adversaries

By |2022-12-07T19:05:34-05:00December 7th, 2022|Categories: Creative, Cyber, Events, Networking, Reports, Survey|Tags: , , , , , |

During HammerCon 2022, we ran a timed 60-second 5 question quiz to determine which country was the biggest threat in Cyber. We created adaptive questions sets that would correspond to selections, and we were not surprised by the outcome. The quiz ran for 4 days, had 162 unique partial submissions and 47 complete submissions. Quiz Days [...]

Comments Off on Know the players in Cyber: how little we know about the leaders of our cyber adversaries

Ransomware: Hacienda of Puerto Rico

By |2023-04-15T14:36:51-04:00June 21st, 2021|Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Firewall, Forensic, Hacking, Incident Response, Reports|Tags: , , |

Ransomware: Hacienda of Puerto Rico

Comments Off on Ransomware: Hacienda of Puerto Rico

CompSec Direct wins firmware analysis prototype event held at Dreamport

By |2022-06-15T01:30:07-04:00June 8th, 2020|Categories: Automation, Cyber, Reports|Tags: , , , |

After placing 5th on a previous challenge, we were happy to place 1st on a subsequent firmware c. We improved our process, provided analysis and emulation findings to set us apart from the rest. Please visit https://dreamport.tech/events/event-rpe-the-broken-gear-in-the-watch-02.php for more information on the technical aspects of this challenge.

Comments Off on CompSec Direct wins firmware analysis prototype event held at Dreamport

Case 1

By |2022-06-15T01:30:31-04:00August 27th, 2019|Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Forensic, Hacking, Hunting, Incident Response, Laws, Reports|Tags: , , , , |

Case 1. If you like the case study, hit us up and let us know. Take care. Malware Analysis on Hybrid-Analysis. case1Download

Comments Off on Case 1

Judicial branch of Puerto Rico exposes sensitive court documents

By |2022-06-15T00:43:34-04:00May 31st, 2017|Categories: Hacking, Laws, Reports|Tags: , , , , , |

Problem CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is provided to attorneys and clients in order to view sensitive legal documents. Manipulating the ID string with simple math, similar to the overturned [...]

Comments Off on Judicial branch of Puerto Rico exposes sensitive court documents

CompSec Direct’s president presents ZigBee research at local security conference at Inner Harbor

By |2022-06-15T00:45:03-04:00April 30th, 2017|Categories: Cyber, Demo, Laws, Reports|Tags: , , , , , , |

Our President, Jose Fernandez, presented ZigBee research at Bsides Charm 2017 in Baltimore on April 29, 2017. The presentation, called Frony Fronius: Exploring ZigBee signals from SolarCity covered IoT (Internet of Threats) findings on commercial solar panel solutions. Part of the presentation asked participants how they felt about e-meters and how companies are beginning to deploy [...]

Comments Off on CompSec Direct’s president presents ZigBee research at local security conference at Inner Harbor

CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico

By |2022-06-15T00:46:16-04:00March 18th, 2017|Categories: Attribution, Contracts, Cyber, Defensive Methodology, Hunting, Incident Response, Reports|Tags: , , , , |

The Center of Investigative News (Centro de Periodismo Investigativo) published an excellent summary of events from the situation the department of Hacienda faced in early March of 2017. Our early involvement in this event helped the citizens of Puerto Rico during an already difficult economic situation. We will continue to work with the department of Hacienda [...]

Comments Off on CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico

CompSec Direct solicited for subject matter expertise on Incident Response for Hacienda of Puerto Rico

By |2022-06-15T00:47:26-04:00March 10th, 2017|Categories: Attribution, Contracts, Defensive Methodology, Hunting, Incident Response, Reports|Tags: , , , |

CompSec Direct was asked to provide incident response services to the department of Hacienda, the Treasury department of Puerto Rico, on March 7,2017. The department of Hacienda was experiencing daily losses of approximately $20 million dollars a day due to the severity and impact of ransomware on the government network. CompSec Direct’s president, Jose Fernandez, led [...]

Comments Off on CompSec Direct solicited for subject matter expertise on Incident Response for Hacienda of Puerto Rico

NTT Group Global Threat Intelligence Report 2016

By |2022-06-15T00:50:38-04:00October 19th, 2016|Categories: Cyber, Defensive Methodology, Forensic, Reports|Tags: , , , , , , |

GTIR 2016 NTT Group published a great threat report for 2016. Quality publication and definitely worth while. Good for CISO’s and Info Sec pros alike. Although some of the areas in the Key Findings are questionable given that we recently saw DDoS attacks above 1Tbs , other areas highlight recent trends that ultimately affect all of [...]

Comments Off on NTT Group Global Threat Intelligence Report 2016
Go to Top