MarkFlow: Make Your Markdown Sparkle!
Find out about MarkFlow, created by Joshua Holland to beautifully format your markdown and
If the world is run by little ones and zeroes and little bits of data, the Duo Labs team are the mad scientists putting ‘em to work. Not only do we have our customers’ backs by serving up deep knowledge, we’re also dedicated to protecting the Internet more generally by identifying and fixing vulnerabilities on a broader scale. What does that look like? We build, we break, we reason. Our work spans the breadth of product prototyping, Internet scale research and analysis, vulnerability research and exploit development, and applications of data science and machine learning to address security problems. As a group our core goals are to Disrupt, to Derisk, and to Democratise complex security topics and to share our innovations in ways that make the greatest possible impact.
Duo Labs Research Projects
Label Legend
- paper
- website
- app
- github
- video
Building a Trustworthy AI Assistant Experience in Security
Duo's experts pull back the curtain on their choices and considerations to ensure Duo's AI Assistant balances novel technology with human expertise.
The Security Industry is Immature, But You’re Not
Learn the trends and incentives for builders, practitioners, and attackers keeping the security industry in a reactionary loop—and, how to stop it.
Authentication and Authorization Part 2: A New, Verifiable Era
Discover the future of digital identity in this deep dive into risks and benefits of passkeys, verifiable credentials, and passwordless authentication.
Proactive Threat Hunting in Duo Data
Learn how Duo's data scientists and threat analysts proactively identify and prevent novel attack methods across billions of authentications.
Authentication and Authorization Part 1: Through the Ages
How reviewing sociological problems with authentication can help us address the technological problems we face today.
A Security Analyst’s Guide to Identity Threats
An in-depth look at current identity-based threats and a discussion of mechanisms to both prevent and detect them.
The Administrator's Guide to Passwordless
Learn all you need to know to determine for yourself why passwordless authentication can be more secure & usable than today’s leading authentication systems.
Data Companies Are Watching Me
Discover what happened when our engineer requested his data from location data brokers & learn why existing processes don't work for the average person.
Balancing Privacy and Security: Google Apple Contact Tracing
Learn how Google & Apple’s Exposure Notification API works & the security considerations that make it good for preserving user privacy & stopping bad actors.
The Invisible World of Near-Infrared Authentication
Duo Labs investigates how infrared imaging is used for authentication in facial recognition and vein scanning technologies.
TEMPEST@Home - Finding Radio Frequency Side Channels
An introductory guide to finding radio frequency side channels for data exfiltration.
The Good and Bad of Biometrics
Explore what properties of biometrics make them good or bad at defending against one threat but not another, then take a deeper look at specific technologies.
Security Researchers Partner With Chrome To Take Down Browser Extension Fraud Network Affecting Millions of Users
Duo Labs’ CRXcavator tool used to uncover and remove a large scale campaign of malvertising Chrome extensions.
Gamifying Data Science Education
Learn about how Duo’s data science team used gamification to teach data analysis skills in an interactive workshop.
Chain of Fools: An Exploration of Certificate Chain Validation Mishaps
Explore what can go wrong for developers when bad cryptographic advice on the internet turns into common implementations.
How to Monitor GitHub for Secrets
Learn about the problem of sensitive info getting published on version control systems and discover multiple ways to monitor GitHub for secrets.
Deciphering the Messages of Apple’s T2 Coprocessor
Learn about the communication channel between macOS & the new T2 secure boot chip. We illuminate the XPC messaging protocol & provide tools to explore yourself.
Anatomy of Twitter Bots: Amplification Bots
Duo Labs study on amplification bots: what they are and how they operate.
Secure Boot in the Era of the T2
An in-depth look at the new secure boot feature found in T2 enabled Apple devices.
MDM Me Maybe: Device Enrollment Program Security
Discover how an authentication weakness in Apple’s Device Enrollment Program can be used to leak information and potentially enroll rogue devices in MDM servers.
Microcontroller Firmware Recovery Using Invasive Analysis
Duo Labs security researchers show how to bypass microcontroller interfaces used for internet of things (IoT) devices. Learn more.
History of Vulnerability Disclosure
Explore some of the more notable vulnerability disclosure moments in infosec history, all in one timeline for your reference.
Blog
Tech Talks
What else is Duo Labs thinking about? Find out at our Tech Talks, where our security researchers give the inside scoop on their latest projects and host experts from across the industry showcasing their own cutting-edge work.
Duo Labs on Github
View Projects