A Security Audit of Third-Party AWS S3 Tools
We analyzed the security of several third-party AWS S3 tools to find out why so many S3 buckets with sensitive information have been made public, seemingly unintentionally. Here's what we found.
Security Report Finds Phishing, Not Zero-Days, Is the Top Malware Infection Vector
The top malware infection vector is our age-old friend, phishing, while stolen credentials are popular for lateral movement - see more insights from Symantec's latest Internet Security Threat Report.
Microcontroller Firmware Recovery Using Invasive Analysis
Duo Labs security researchers show how to bypass microcontroller interfaces used for internet of things (IoT) devices - these invasive attacks require physical access to typical microcontrollers.
Spotting Misconfigurations With CloudMapper
In February, Duo released CloudMapper, an AWS environment visualization tool, to the developer community. In this blog post, we explore several potential misconfigurations that can lead to security problems.
Reversing Objective-C Binaries With the REobjc Module for IDA Pro
Duo Labs performed an analysis of Objective-C binaries running on managed macOS endpoints in enterprise environments, using the Interactive Disassembler (IDA Pro) to perform disassembly and decompilation of the binaries.