This month I want to highlight an article, From Stolen Laptop to Inside the Company Network, by Dolos Group. This article walks through how a security research group turned a company laptop into corporate network access, without any inside information. This article is fascinating because it discusses several potential security vulnerabilities in the hardware and software, and also demonstrates how obfuscation is not security. I find this story a stark reminder that security as a first principle remains important in the work we do; bad actors can attack from unexpected vectors.

https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

“What can you do with a stolen laptop? Can you get access to our internal network?…Spoiler alert: Yes, yes you can.”