It’s a hot July afternoon, and a small team scours another Maryland junkyard. As they walk through the mountains of gnarled metal, they’re on the lookout for one thing: Car radios. They intend to hack them.
The team is part of DarkLabs, an elite unit of cyber pros at Booz Allen. They have the most advanced tools and techniques, and the mindset of the most talented cyber elite, but instead of trying to break in, they’re using their skills to help secure Booz Allen’s clients from cyber adversaries around the world.
Each car radio costs $20 and is added to the growing collection of devices Mike Schroeder and his Embedded Vulnerability Analysis team is researching. They’re dedicated to finding software flaws and vulnerabilities in critical infrastructure—before adversaries can exploit them. Back at DarkLabs, Mike and his team disassemble and extract firmware from each device, reverse engineering and testing to identify the vulnerabilities that few can find. Their research helps them develop new tools and capabilities, as well as protect Booz Allen’s many clients.
Research isn’t the only thing DarkLabs does. Fred Frey leads the Threat Hunting team, which is comprised of expert developers, analysts, and data scientists. Fred and his colleagues have developed an innovative platform that seamlessly leverages an organization’s existing Endpoint Detection and Response (EDR) solution to comb through endpoint metadata and identify malicious events across the entire infrastructure.
“We proactively assess client networks to root out the bad guys,” says Fred. “It’s a search and destroy operation.”
The average time an advanced adversary goes undetected inside a victim’s network is 200 days. An adversary can do a lot of damage in that time. Fred helps clients catch the bad guys quickly.
The Threat Hunting team works closely with the Cyber Analytics team to automate the identification of malicious events in a network system. They make predictions about how a threat actor or their weapons will act within a network and behaviors that a threat hunter would expect to see in the data. This allows DarkLabs to query all endpoints and correlate their responses at scale.
DarkLabs does some of the most unique work in the cybersecurity industry. Since most are elite-level cyber pros, they move fast between federal government and private sector clients. They quickly engage in a client challenge, set up, plan, and then execute. The fast pace and versatility are what Mike likes most about DarkLabs.
“We work on everything from cars to industrial control systems—you name it,” he says.
DarkLabs doesn’t just do unique work—their culture is different, too. They’re passionate about their work. They play capture the flag—a simulated cat-and-mouse game that cyber pros use to sharpen their skills and prove their prowess against others.
When you ask a member of DarkLabs about their first hacks, they quickly rattle off examples of how they hacked systems as teenagers.
Tim Nary, red team lead for DarkLabs, recalls using hacks to give himself more life and ammo in video games, then asked himself, “I wonder what else I can hack?”
What types of people thrive at DarkLabs? People with passion, intelligence, and curiosity. People who want to know how things work.
DarkLabs is looking for elite-level cyber pros to apply for cybersecurity jobs at Booz Allen.
“We’re really fun,” said Will. “This isn’t your grandfather’s Booz Allen.