It’s a hot July afternoon, and a small team scours another Maryland junkyard. As they walk through the mountains of gnarled metal, they’re on the lookout for one thing: car radios. They intend to hack them.
The team is part of Dark Labs, an elite unit of cyber pros at Booz Allen. They have the most advanced tools and techniques, and the mindset of the most talented cyber elite, but instead of trying to break in, they’re using their skills to help secure Booz Allen’s clients from cyber adversaries around the world.
Each car radio costs $20 and is added to the growing collection of devices Mike Schroeder and his Embedded Vulnerability Analysis team are researching. They’re dedicated to finding software flaws and vulnerabilities in critical infrastructure—before adversaries can exploit them. Back at Dark Labs, Mike and his team disassemble and extract firmware from each device, reverse engineering and testing to identify the vulnerabilities that few can find. Their research helps them develop new tools and capabilities, as well as protect Booz Allen’s many clients.
Research isn’t the only thing Dark Labs does. Fred Frey leads the Threat Hunting team, which is comprised of expert developers, analysts, and data scientists. Fred and his colleagues have developed an innovative platform that seamlessly leverages an organization’s existing Endpoint Detection and Response (EDR) solution to comb through endpoint metadata and identify malicious events across the entire infrastructure.
“We proactively assess client networks to root out the bad guys,” says Fred. “It’s a search and destroy operation.”
The average time an advanced adversary goes undetected inside a victim’s network is 200 days. An adversary can do a lot of damage in that time. Fred helps clients catch the bad guys quickly.
The Threat Hunting team works closely with the Cyber Analytics team to automate the identification of malicious events in a network system. They make predictions about how a threat actor or their weapons will act within a network, and about the behaviors that a threat hunter would expect to see in the data. This allows Dark Labs to query all endpoints and correlate their responses at scale.
Dark Labs does some of the most unique work in the cybersecurity industry. Since most are elite-level cyber pros, they move fast between federal government and private sector clients. They quickly engage in a client challenge, set up, plan, and then execute. The fast pace and versatility are what Mike likes most about Dark Labs.
“We work on everything from cars to industrial control systems—you name it,” he says.
Dark Labs doesn’t just do unique work—their culture is different, too. They’re passionate about their work. They play capture the flag—a simulated cat-and-mouse game that cyber pros use to sharpen their skills and prove their prowess against others.
When you ask a member of Dark Labs about their first hacks, they quickly rattle off examples of how they hacked systems as teenagers.
Tim Nary, red team lead for Dark Labs, recalls using hacks to give himself more life and ammo in video games, then asking himself, “I wonder what else I can hack?”
What type of people thrive at Dark Labs? Director Will Farrell boils it down to three attributes: “Passion, intelligence, and curiosity,” he says. “We hire people who want to know how things work.”
Will is looking for elite-level cyber pros to apply for cybersecurity jobs at Booz Allen, and there’s one other thing he wants them to know about Dark Labs.
“We’re really fun,” said Will. “This isn’t your grandfather’s Booz Allen.”