Ransomware: Hacienda of Puerto Rico
Ransomware: Hacienda of Puerto Rico
CompSec Direct wins firmware analysis prototype event held at Dreamport
After placing 5th on a previous challenge, we were happy to place 1st on a subsequent firmware c. We improved our process, provided analysis and emulation findings to set us apart from the rest. Please [...]
HammerCon 2022 Cyber-Quiz
HammerCon 2022 Cyber-Quiz
AvengerCon VI
We were exited to sponsor AvengerConVI for a second year.We look forward to the event in 2022. #AvengerCon #CompSecDirect Our T-Shirt was unofficially the winner of best swag. Be sure to checkout local events or [...]
CompSec Direct gets press mentions for cybersecurity expertise
CompSec Direct Executive Team with a a Kleared4 Edge unit. Picture taken by R. Fernandez. We were interviewed in 2021 by El Nuevo Día, a local newspaper in Puerto Rico. Some the of the issues we [...]
Kleared4 closed-operation fly-away edge kit
Kleared4 closed-operation fly-away edge kit
Non-attribution classification model published
Non-attribution classification model published
BSides PR 2019
Our President, @jfersec, had the privilege of Keynote during BSides PR 2019. During our presentation, we discussed some hard truth's around: the way DeepFakes and "WeakFakes" are utilizedhow we are good imitators and bad innovators [...]
CTF-Pasteables
“Typing Kills”, so even if you do not agree with this; it’s true. Operator error grows the more you type. It’s akin to “measure twice, cut once”. In Capture the Flags (CTF’s), we often redo [...]
Open-Data wants to be free, but no one looks.
Problem: A few months ago, Giancarlo Gonzales, a former CIO for the island of Puerto Rico, indicated the lack of updates towards open-data in data.pr.gov. As part of an open-data initiative, Puerto Rico created its own [...]
Case 1
Case 1. If you like the case study, hit us up and let us know. Take care. Malware Analysis on Hybrid-Analysis. case1Download
CompSec Direct now approved Cyber-security vendor in Maryland
CompSec Direct has been approved as a Qualified Maryland Cybersecurity Seller (QMCS) by the Department of Commerce of Maryland. This allows us to provide cybersecurity services to qualifying companies under the Buy Maryland Cybersecurity (BMC) [...]
White pages are back!: Aeronet Wireless exposes customer info over SNMP
Problem CompSec Direct recently became aware of an information disclosure problem affecting Aeronet Wireless customers in Puerto Rico. In short, querying Shodan.io for Aeronet Wireless and SNMP presents publicly accessible information, such as customer names, [...]
Data Mining PDF documents; using data conversion to reduce analysis time
Problem A month ago, we became aware of a way to harvest legal notifications from a government web-site. Link Here The web-server allows simple requests to be crafted in order to download PDF documents related to court [...]
Apache brute: A simple brute force deterrent for Linux
We published a simple script to help identify and block possible brute-force attempts on a Linux web-server. The script counts the amount of “bad-actions” an ip has logged in the Apache logs and blocks the [...]
Judicial branch of Puerto Rico exposes sensitive court documents
Problem CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is provided to [...]
CompSec Direct’s president presents ZigBee research at local security conference at Inner Harbor
Our President, Jose Fernandez, presented ZigBee research at Bsides Charm 2017 in Baltimore on April 29, 2017. The presentation, called Frony Fronius: Exploring ZigBee signals from SolarCity covered IoT (Internet of Threats) findings on commercial [...]
CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico
The Center of Investigative News (Centro de Periodismo Investigativo) published an excellent summary of events from the situation the department of Hacienda faced in early March of 2017. Our early involvement in this event helped [...]
CompSec Direct solicited for subject matter expertise on Incident Response for Hacienda of Puerto Rico
CompSec Direct was asked to provide incident response services to the department of Hacienda, the Treasury department of Puerto Rico, on March 7,2017. The department of Hacienda was experiencing daily losses of approximately $20 million [...]
CompSec Direct is awarded CATS+ Master Contract in Maryland
CompSec Direct was awarded a Master contract with the state of Maryland on February, 2017. The CATS+ Master Contract lists provides the state with a list of known vendors in applicable functional areas. We solicited [...]
