News 2019-08-22T13:00:40-04:00

Ransomware: Hacienda of Puerto Rico

We are publishing a redacted case study related to the ransomware event that occurred at Hacienda of Puerto Rico. Although some elements have been removed from this case study, and a previous redacted case study [...]

By |June 21st, 2021|Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Firewall, Forensic, Hacking, Incident Response, Reports

CompSec Direct wins firmware analysis prototype event held at Dreamport

After placing 5th on a previous challenge, we were happy to place 1st on a subsequent firmware challenge. We improved our process, provided analysis and emulation findings to set us apart from the rest. Please [...]

By |June 8th, 2020|Categories: Automation, Cyber, Reports

Kleared4 closed-operation fly-away edge kit

We have started integrating closed-operation fly-away edge appliances with Kleared4, our disassociated cyber-operations, and proofing environment. #PCOE #PCTE #CyberRange Unlike other fly-away kits, this one is designed to operate completely closed! This model uses a [...]

By |June 7th, 2021|Categories: Automation, Cyber, Defensive Methodology, Design, Forensic, Hacking, Hunting, Incident Response, Networking

Non-attribution classification model published

The proposed model was published in the Military Cyber Professional Association (MCPA) 2020-2021 magazine. Although the author used humor in this publication, no standardized model currently exists to technically vet and verify how non-attribution is [...]

By |March 8th, 2020|Categories: Attribution, Cyber

BSides PR 2019 Wrap-Up: It starts with you

Our President, @jfersec, had the privilege of giving the keynote during BSides PR 2019. During our presentation, we discussed some hard truths around: the way DeepFakes and "WeakFakes" are utilized; how we are good imitators and bad innovators [...]

By |October 16th, 2019|Categories: Case Study, Cyber, Defensive Methodology, Disclosure, Forensic, Incident Response, Laws, Legislation, Videos

Open-Data wants to be free, but no one looks.

Problem: A few months ago, Giancarlo Gonzales, a former CIO for the island of Puerto Rico, indicated the lack of updates towards open-data in data.pr.gov. As part of an open-data initiative, Puerto Rico created its [...]

By |September 29th, 2019|Categories: e-Discovery, Hunting, Scripts

Case 1

Case 1. If you like the case study, hit us up and let us know. Take care. Malware Analysis on Hybrid-Analysis.

By |August 27th, 2019|Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Forensic, Hacking, Hunting, Incident Response, Laws, Reports

CompSec Direct now approved Cyber-security vendor in Maryland

CompSec Direct has been approved as a Qualified Maryland Cybersecurity Seller (QMCS) by the Department of Commerce of Maryland. This allows us to provide cybersecurity services to qualifying companies under the Buy Maryland Cybersecurity (BMC) [...]

By |August 15th, 2019|Categories: Contracts, Cyber, Defensive Methodology, Forensic, Hunting, News, Pen-testing, Social Engineering

White pages are back!: Aeronet Wireless exposes customer info over SNMP

Problem: CompSec Direct recently became aware of an information disclosure problem affecting Aeronet Wireless customers in Puerto Rico. In short, querying Shodan.io for Aeronet Wireless and SNMP presents publicly accessible information, such as customer names, [...]

By |October 12th, 2018|Categories: Disclosure, e-Discovery

Data Mining PDF documents; using data conversion to reduce analysis time

Problem: A month ago, we became aware of a way to harvest legal notifications from a government web-site. Link Here The web-server allows simple requests to be crafted in order to download PDF documents related [...]

By |May 31st, 2017|Categories: Automation, e-Discovery, Forensic, Scripts, Tesseract

Apache brute: A simple brute force deterrent for Linux

We published a simple script to help identify and block possible brute-force attempts on a Linux web-server. The script counts the number of "bad-actions" an IP has logged in the Apache logs and blocks the [...]

By |May 31st, 2017|Categories: Defensive Methodology

Judicial branch of Puerto Rico exposes sensitive court documents

Problem: CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is [...]

By |May 31st, 2017|Categories: Hacking, Laws, Reports

CompSec Direct’s president presents ZigBee research at local security conference at Inner Harbor

Our President, Jose Fernandez, presented ZigBee research at Bsides Charm 2017 in Baltimore on April 29, 2017. The presentation, called Frony Fronius: Exploring ZigBee signals from SolarCity, covered IoT (Internet of Threats) findings on commercial [...]

By |April 30th, 2017|Categories: Cyber, Demo, Laws, Reports

CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico

The Center of Investigative News (Centro de Periodismo Investigativo) published an excellent summary of events from the situation the department of Hacienda faced in early March of 2017. Our early involvement in this event helped [...]

By |March 18th, 2017|Categories: Attribution, Contracts, Cyber, Defensive Methodology, Hunting, Incident Response, Reports

CompSec Direct solicited for subject matter expertise on Incident Response for Hacienda of Puerto Rico

CompSec Direct was asked to provide incident response services to the department of Hacienda, the Treasury department of Puerto Rico, on March 7, 2017. The department of Hacienda was experiencing daily losses of approximately $20 million [...]

By |March 10th, 2017|Categories: Attribution, Contracts, Defensive Methodology, Hunting, Incident Response, Reports

CompSec Direct is awarded CATS+ Master Contract in Maryland

CompSec Direct was awarded a Master contract with the state of Maryland in February 2017. The CATS+ Master Contract provides the state with a list of known vendors in applicable functional areas. We solicited [...]

By |February 27th, 2017|Categories: Contracts

NTT Group Global Threat Intelligence Report 2016

GTIR 2016: NTT Group published a great threat report for 2016. Quality publication and definitely worthwhile. Good for CISOs and Info Sec pros alike. Although some of the areas in the Key Findings are [...]

By |October 19th, 2016|Categories: Cyber, Defensive Methodology, Forensic, Reports

CompSec Direct’s president presents Shodan research at local security conference in Puerto Rico

CompSec Direct president, Jose Fernandez, presented an open-source intelligence gathering tool called Shodan-Runner at the Bsides PR security conference hosted on Oct 6, 2016 in Puerto Rico. The tool allows users to use external CSV files [...]

By |October 7th, 2016|Categories: Cyber, Demo, Pen-testing, Training

CompSec Direct hosts remote incident response training for local Puerto Rico students and experts

We hosted a training session on remote incident response operation on Oct 7, 2016. The course was provided "pro-bono" through @Obsidis_NGO; participants paid a small registration fee that covered lunch. Students were able to analyze [...]

By |October 7th, 2016|Categories: Cyber, Defensive Methodology, Demo, Forensic, Hunting, Training

Forcepoint 2015 Threat Report

An excellent publication from Forcepoint that covers CnC malware, malicious insiders and attribution. Unlike other threat reports, this report covers multiple human factors that are often neglected in technical reports. In some cases, human error [...]

By |February 15th, 2016|Categories: Attribution, Cyber, Defensive Methodology, Forensic, Hacking, Hunting, Pen-testing, Reports, Tor

Why going after wp-config is a quick way to get banned

Internet sites with WordPress are normally exploited with ease in two ways: 1. Vulnerable plugins or a vulnerability in WordPress. 2. Reading backups of the wp-config.php file. The first is actually more commonplace. The [...]

By |January 15th, 2016|Categories: Attribution, Defensive Methodology, Hacking, Reports, Wordpress

Security firm sued for filing “woefully inadequate” forensics report -Arstechnica

Arstechnica's Dan Goodin has reported that Trustwave is being sued by Affinity Gaming for not eliminating malware presence after a forensic investigation had been done. Mandiant uncovered the malware during a follow up PCI forensic [...]

By |January 15th, 2016|Categories: Breach, Forensic, Lawsuit

Wassenaar Arrangement 2013 Plenary Agreements Implementation; Intrusion and Surveillance Items

CompSec Direct and other individuals and companies spoke out against the 2013 Wassenaar Arrangement. We hope our petitions for further revisions are heard. We have included a copy of the document submitted to http://www.regulations.gov/#!docketDetail;D=BIS-2015-0011 Wassenaar [...]

By |July 20th, 2015|Categories: Cyber, Laws, Legislation

Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks – ArsTechnica

Excellent report by Kaspersky that unmasks a breach inside their corporate infrastructure. Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks

By |June 13th, 2015|Categories: Breach, Hacking, Reports

Bsides PR 2015 – Fun with Tor : How anonymity services complicate actor attribution CompSec Direct

Hello from Puerto Rico. Here are our slides from Jose Fernandez's talk on Tor and attribution. We are very excited to have participated in BSides PR 2015, and look forward to speaking again in the [...]

By |May 29th, 2015|Categories: Attribution, Defensive Methodology, Demo, Hacking<