If the world is run by little ones and zeroes and little bits of data, the Duo Labs team are the mad scientists putting ‘em to work. Not only do we have our customers’ backs by serving up deep knowledge, we’re also dedicated to protecting the public by identifying and fixing vulnerabilities on a broader scale. What does that look like? Prototyping new features and products, interpreting and analyzing data, building internal tools… and bringing to life wild ideas like bypassing PayPal’s 2FA, playing with public Wi-Fi, and attempting the first Push authentication from near space.
Here we explore the implementation of a legacy, but still actively marketed, wireless physical security system as well as how it undermines more advanced security controls. Several vulnerabilities...Continue Reading
This peach pit implements the HTTP/2 protocol RFC-7540 and is targetted at Microsoft Edge. It has been run through about 150,000 iterations and traffic samples within this...Continue Reading
This summer during DEF CON 24, Duo traveled to the Mojave Desert to launch a tricked-out weather balloon in pursuit of the first two-factor authentication push from the...Continue Reading
Another cool thing about Duo Labs is that we give a bigger look under the hood than the average security company. The Duo Labs blog presents our latest work, analysis and other insights.
Get insights into how to assess security hardware, including experimentations in counterfeiting U2F authentication tokens, different weaknesses in the hardware components of encrypted USB keys and...Continue Reading
You don’t have to go to a TED talk to hear from great minds in infosec — we host heavy hitters from around the industry to dive deep into areas of their expertise, from Mudge on creating DARPA’s cyber analytic framework to Runa A. Sandvik talking Tor and SecureDrop.
University of Michigan Professor of Information Paul Resnick presents on RumorLens, a suite of tools designed to help journalists and the public identify new rumors on Twitter. He explains how...
You may have heard the stereotype about 400-pound hackers sitting in the warm glow of a monitor in their mom’s basement, but at Duo Labs we get around. Check out the various conferences, meetups and other hangs (which we’ll admit might sometimes happen in basements) where you can connect with us.
Join Duo in Atlanta to learn more about current tech-security issues such as cloud security, email and social media security, VoIP, and more.
Join Duo Security and the SNCA live at SANS Las Vegas for a series of topical presentations.
Join Duo Security in Costa Mesa, California for the ISSA Orange County Chapter's annual security symposium.
Join Duo's Director of Security Research, Steve Manzuik, at IP EXPO Nordic 2017 as he presents this talk about real-world attacks.
Do you like tinkering with tech and deconstructing it for discovery’s sake? Think security can make a serious impact but you don’t take yourself too seriously? Want to work on wild, unthinkable ideas? You might be the right match for Duo Labs’ band of misfits. Visit the Duo careers page to see how we’re looking to grow our team.