If the world is run by little ones and zeroes and little bits of data, the Duo Labs team are the mad scientists putting ‘em to work. Not only do we have our customers’ backs by serving up deep knowledge, we’re also dedicated to protecting the public by identifying and fixing vulnerabilities on a broader scale. What does that look like? Prototyping new features and products, interpreting and analyzing data, building internal tools… and bringing to life wild ideas like bypassing PayPal’s 2FA, playing with public Wi-Fi, and attempting the first Push authentication from near space.
Here we explore the implementation of a legacy, but still actively marketed, wireless physical security system as well as how it undermines more advanced security controls. Several vulnerabilities...Continue Reading
This peach pit implements the HTTP/2 protocol RFC-7540 and is targetted at Microsoft Edge. It has been run through about 150,000 iterations and traffic samples within this...Continue Reading
This summer during DEF CON 24, Duo traveled to the Mojave Desert to launch a tricked-out weather balloon in pursuit of the first two-factor authentication push from the...Continue Reading
Another cool thing about Duo Labs is that we give a bigger look under the hood than the average security company. The Duo Labs blog presents our latest work, analysis and other insights.
Duo Labs performed an analysis of Objective-C binaries running on managed macOS endpoints in enterprise environments, using the Interactive Disassembler (IDA Pro) to perform disassembly and...Continue Reading
You don’t have to go to a TED talk to hear from great minds in infosec — we host heavy hitters from around the industry to dive deep into areas of their expertise, from Mudge on creating DARPA’s cyber analytic framework to Runa A. Sandvik talking Tor and SecureDrop.
Watch a video walkthrough of how a Duo Labs researcher bypassed PayPal’s one-time password two-factor authentication.
You may have heard the stereotype about 400-pound hackers sitting in the warm glow of a monitor in their mom’s basement, but at Duo Labs we get around. Check out the various conferences, meetups and other hangs (which we’ll admit might sometimes happen in basements) where you can connect with us.
Join Duo and CyberArk to discuss best practices for implementing a privileged account security and trusted access program.
Join Duo in Washington, D.C. at the 2018 KNOW Identity Conference, hosted by One World Know.
Join Duo Security for an Executive Briefing on March 28 at the U.S. Embassy in the Hague.
Join Duo for the 2018 RSAC to discover the latest technology and interact with top security leaders and pioneers.
Do you like tinkering with tech and deconstructing it for discovery’s sake? Think security can make a serious impact but you don’t take yourself too seriously? Want to work on wild, unthinkable ideas? You might be the right match for Duo Labs’ band of misfits. Visit the Duo careers page to see how we’re looking to grow our team.