Fracture Labs Blog Posts on Fracture Labs - Relentless Pursuit of Unbreakable.

Passkeys for Business: Choosing the Right Implementation

Tue, 24 Feb 2026 00:00:00 +0000

How should your organization implement passkeys? Compare hardware security keys (roaming authenticators) with built-in device options (platform authenticators) to find the right balance of security and cost.

DEEP608 Conference - Rise of the Machines, Fall of the P@ssw0rd1

Tue, 13 May 2025 00:00:00 +0000

Fracture Labs presents at DEEP608 regarding the past, present, and future state of passwords and how technology affects password security.

AEM Product Safety Conference - Cyber Risk is Business Risk: Securing Modern Manufacturing

Wed, 30 Apr 2025 00:00:00 +0000

Fracture Labs presents at the AEM Product Safety Conference to explore how evolving cyber threats are impacting manufacturers and what leaders can do to strengthen their security posture, reduce risk, and protect operation

DEEP608 Conference - IoT: The 'S' Stands for Security

Tue, 02 Apr 2024 00:00:00 +0000

Fracture Labs presents at DEEP608 regarding the risks IoT devices pose to organizations and what can be done to reduce the risk.

RF Replay Attacks: Hacking Christmas Tree Lights

Mon, 02 Jan 2023 00:00:00 +0000

Fracture Labs uses Christmas tree lights as an example of how easy it is to hack poorly implemented RF communication found in many IoT devices.

Effective Spring4Shell Scanning and Safe Exploitation

Wed, 06 Apr 2022 00:00:00 +0000

Scanning for and exploiting the Spring4Shell vulnerability can be tricky, but this post will show you how to scan more effectively using custom tools from Fracture Labs

IoT Security Sessions - ESC San Jose 2021

Wed, 11 Aug 2021 00:00:00 +0000

Joe Hopper shares his expertise in IoT security at the 2021 Embedded Sytems Conference in San Jose. ‘Live Hack: Exposing Common IoT Security Weaknesses’ and ‘Internet of Insecure Things: Through the Eyes of a Hacker.’

Hardware Hacking Lab: Analysis Tools

Wed, 17 Feb 2021 00:00:00 +0000

Check out part two in our Hardware Hacking Lab series, where we show you what you need in order to build your own lab. We walk you through the analysis tools we use to perform our smart device penetration testing.

Hardware Hacking Lab: Physical Tools

Thu, 14 May 2020 00:00:00 +0000

We’ve kicked off a Hardware Hacking Lab series, where we show you what you need in order to build your own lab. In part one, you’ll learn what physical tools we use to perform our smart device penetration testing.

Exploiting MS17-010 on Windows Embedded 7 Devices

Mon, 26 Jun 2017 21:57:50 -0500

The Windows SMB remote code execution vulnerability patched by MS17-010 has resulted in widespread attacks against Windows 7 devices. While much of the focus has been on patching desktops and servers, many organizations to continue to neglect devices running the Windows Embedded 7 OS because a public exploit hasn’t existed - until now. Check out how we patched the NSA’s Fuzzbunch tool to demonstrate the importance of patching all devices in a timely manner.

Threat Intel RSS Feeds via Twitter Lists

Fri, 07 Dec 2018 00:00:00 +0000

Many security researchers take time to publish their scripts, tips, successes, and failures on Twitter for all to see. As a security professional, it’s important to learn how to effectively use Twitter so you don’t miss anything, but how do you manage to sift through everything? Check out this post on how to turn your Twitter Lists into manageable RSS feeds so you can stay on top of what’s important to you!

Search Breach Data Quicker with AWS Athena

Fri, 05 Jan 2018 09:04:33 -0500

Most password breach files are organized by user account, but it can be beneficial to search by domain name instead. That can take far too long for massive breach files, so check out this post that shows you how to harness the power of AWS Athena to quickly find the data you need for your next penetration test!

Secure Static Website Deployment

Mon, 14 May 2018 00:00:00 +0000

You don’t have to give up dynamic website features to get the benefits of a static website. Learn how migrating to a website powered by serverless hosting can reduce the attack surface of your site, increase site performance, and reduce recurring charges.

Preventing IP-based Drive-Bys in Apache

Tue, 10 Jan 2017 21:41:44 -0500

How many attacks is your webserver under from script kiddies and automated bots? If you’re allowing connections with IP addresses for host headers you’re servers are at greater risk than they need be. Learn how to filter out the noise and block requests that aren’t intended for your specific domain name.

Security Camera Dynamic Analysis

Tue, 27 Dec 2016 12:53:35 -0500

The series on hacking IP cameras continues in this post, with the work moves on to the dynamic analysis phase.

Security Camera Hacking

Tue, 27 Dec 2016 11:53:35 -0500

This post was inspired by some work we did almost two years ago, but never got around to fully documenting or reporting the issues to the vendor since this was just independent research. We wanted to have all of the attacks fully baked before reporting the issues, but then moved on to other projects. So I’ve decided to go back and redo all of the work on this to properly document everything. I will be blurring out any identifying information until the vendor has had a chance to respond, so for now I’ll just refer to the vendor as ‘CompanyX’.