Select a Section to Navigate
Dooling Information Security Defenders
Specializing in Offensive & Defensive information security services
The single most effective security measure is often to know your enemy – the tools, techniques, and motivations of attackers. DISD utilitizes these same tools and techniques to help you uncover issues that attackers may exploit to compromise systems, guess or steal credentials, pilfer sensitive data, establish a persistent, stealthy presence on your network, or cause system disruptions and downtime. DISD consultants have expertise in numerous types of security assessments.
We provide independent, offensive and defensive security services to a broad range of clients.
Use the arrows to learn more
The keys to securing an organization's information assets are awareness, preparedness, and vigilance. Awareness of critical assets and information to be protected, weak points that may be targeted, and indicators of attack and compromise. Preparedness comes from implementing the appropriate tools, techniques, and processes to provide protection, monitoring, response, and remediation. Vigilance requires that these technologies and processes work well for people, to enable efficient and unrelenting defense.
Risk is inherent in every organization's use of information technology, and resources to address these risks are limited. Therefore, risks should be addressed as efficiently as possible. With that understanding, DISD focuses on providing prioritized security services in order to make the most significant reductions in information security risks.
DISD is a vendor-agnostic consultancy and services provider. We strive to provide the highest quality solution for each unique situation, and will not be beholden to any software vendors or conflicting interests in doing so.
Working with a large regional utility company, DISD performed a "blind" external penetration test and dial-up connection security assessment. DISD performed realistic, unassisted target reconaissance and enumeration, pausing briefly to verify the identified targets before continuing with the external testing. Concurrently utilizing dozens of leased Voice-over-IP (VoIP) provider lines, DISD enumerated and fingerprinted over 50,000 DID numbers within a week, and identified weak authentication credentials for several connected systems, left unprotected by modern network security defenses.
DISD performed pre-deployment penetration tests for an electronic health record (EHR) software-as-a-service (SaaS) provider during their beta testing period. This engagement included authenticated testing of multiple web applications and services, as well as the supporting infrastructure. DISD also performed post-remediation testing, and provided a Letter of Attestation describing the testing scope, methodologies, original results and post-remediation results, allowing the provider to demonstrate their commitment to secure development processes.
DISD performed a wireless site survey, identifying potential rogue access points, and wireless network and client penetration test at a hospital campus. This project uncovered insecure authentication mechanisms, weak encryption protocols, and network segmentation issues. DISD provided tailored recommendations to the client to address each of these issues, including Active Directory Group Policy guidance to deploy hardened wireless settings for several thousand client systems.
DISD assisted a major ticket sales and distribution company in their PCI compliance efforts by performing penetration tests for a wide variety of cardholder data-processing applications. These ran the gamut from legacy thick client applications affected by issues such as connectionless transport protocols and insecure local storage, to web applications and web services vulnerable to SQL injection, and interactive voice response (IVR) systems and kiosk interfaces affected by parameter tampering issues.
DISD developed device integration modules to capture credit and debit transaction data for an international banking client's security information and event management (SIEM) system.
For additional information or to inquire about our services, please contact us using the form below