We are real-life hackers who break stuff, send phones to space, and know how people are trying to compromise you and your data. Ask Duo Labs anything!
- /u/smanzuik_duo: Steve Manzuik
- /u/Loveless_duo: Mark Loveless
- /u/cczub_duo: Chris Czub
- /u/klady_duo: Kyle Lady
- /u/dk_duo: Darren Kemp
- and /u/mdavidov_duo: Mikhail Davidov from Duo Labs.
Duo Labs is the advanced research team at Duo Security. Duo is a cloud-based trusted access provider protecting the world’s largest and fastest-growing companies from account takeover and data breaches.
The Duo Labs team brings wild, unthinkable ideas to life using the boundless magic of software and the internet. Duo Labs provides the deep security knowledge and innovation necessary to protect our customers, but we also have a larger mission of protecting the broader public by identifying and fixing vulnerabilities in large-scale Internet systems.
At any given time, we might be building prototypes of new features or products such as mobile app support for NFC-based U2F, building internal tools for convenience or security, or crunching numbers to support our product, engineering, and marketing teams. Occasionally, we break things; we’re still quite proud of bypassing PayPal’s 2FA a couple years back. Since then, we’ve expanded our team substantially.
Here are some things we’ve done, researched, and written about recently:
- We put a phone into near space for two-factor authentication
- Found serious vulnerabilities in OEM Windows laptops
- Broke EMET
- More OEM Windows stuff
- Played with public wifi
- Measured the impact of Gal Beniamini’s QSEE vulnerabilities
- Facepalmed at bogus ransomware (the “ransom” is the bogus part, but the “ware” is definitely legit)
Proof: cool proof tweet!
Edit 1 (noon, eastern): More proof
Edit 2 (3 p.m., eastern): We are so blown away by all of your amazing questions and responses. Please stop staring in our window, Doug. We're going to keep going for another hour to try to get to as many questions as possible.
Edit 3 (4 p.m., eastern): Thank you everyone so much for your poems and questions and exceptionally leet hax. We are going to start winding down here, but will try to keep answering a few questions.
Interested in talking more? Please come check out our new Duo Community. Post threads! Post comments! Ask us ... well ... anything.
Looking for a job at our pretty sweet company? Seems like lots of you are! Check out https://duo.com/about/careers.
Want to learn amazing things? Check out our Tech Talk series. The next talk is on lawful hacking.
Thanks again! We love you! Yes, even you, Doug.
Bonus edit: This thumbnail