If the world is run by little ones and zeroes and little bits of data, the Duo Labs team are the mad scientists putting ‘em to work. Not only do we have our customers’ backs by serving up deep knowledge, we’re also dedicated to protecting the public by identifying and fixing vulnerabilities on a broader scale. What does that look like? Prototyping new features and products, interpreting and analyzing data, building internal tools… and bringing to life wild ideas like bypassing PayPal’s 2FA, playing with public Wi-Fi, and attempting the first Push authentication from near space.
Here we explore the implementation of a legacy, but still actively marketed, wireless physical security system as well as how it undermines more advanced security controls. Several vulnerabilities...Continue Reading
This peach pit implements the HTTP/2 protocol RFC-7540 and is targetted at Microsoft Edge. It has been run through about 150,000 iterations and traffic samples within this...Continue Reading
This summer during DEF CON 24, Duo traveled to the Mojave Desert to launch a tricked-out weather balloon in pursuit of the first two-factor authentication push from the...Continue Reading
Another cool thing about Duo Labs is that we give a bigger look under the hood than the average security company. The Duo Labs blog presents our latest work, analysis and other insights.
Duo Labs security researchers show how to bypass microcontroller interfaces used for internet of things (IoT) devices - these invasive attacks require physical access to typical microcontrollers.Continue Reading
You don’t have to go to a TED talk to hear from great minds in infosec — we host heavy hitters from around the industry to dive deep into areas of their expertise, from Mudge on creating DARPA’s cyber analytic framework to Runa A. Sandvik talking Tor and SecureDrop.
Watch a video walkthrough of how a Duo Labs researcher bypassed PayPal’s one-time password two-factor authentication.
You may have heard the stereotype about 400-pound hackers sitting in the warm glow of a monitor in their mom’s basement, but at Duo Labs we get around. Check out the various conferences, meetups and other hangs (which we’ll admit might sometimes happen in basements) where you can connect with us.
Join Duo in Dallas for ISMG's Fraud & Breach Prevention Summit!
Join Duo at the Great American Ball Park for the Spring Security Symposium, hosted by CBTS!
Join Duo in our Ann Arbor office to learn about the security landscape and join in a panel discussion with experts from the security field.
Join Duo Security in the DC Metro Area for this year's Secure Summit DC, hosted by (ISC)².
Do you like tinkering with tech and deconstructing it for discovery’s sake? Think security can make a serious impact but you don’t take yourself too seriously? Want to work on wild, unthinkable ideas? You might be the right match for Duo Labs’ band of misfits. Visit the Duo careers page to see how we’re looking to grow our team.