Author

Mohammad Eshan

CEO & Co-Founder, GhostEye

Research on help desk compromise, adversary simulation, and the voice channel security failures most enterprise programs still do not test.

Previously on the BlackRock red team and in offensive cyber operations at MITRE.

Read Research LinkedIn

Recent Research

ResearchApr 6, 202612 min read

The Voice Channel Is the New Perimeter

Across more than 1,000 IVR tests, nearly half leaked enough intelligence to compromise a help desk in under 20 minutes. If the phone system can validate identities and preview the help desk's questions, it belongs inside your security boundary.

ResearchApr 6, 202610 min read

From Dial Tone to Domain Admin

Help desk compromise usually starts well before the call. By the time an agent picks up, the attacker may already have validated identities, mapped the org, and rehearsed the verification path through the IVR.

ResearchApr 4, 20268 min read

The Recon Nobody's Testing For

Most IVRs reveal which accounts are real, how teams are organized, and what language the company uses before a caller ever reaches an employee. That gives attackers a reconnaissance layer most security programs never test.

Mohammad Eshan

The Voice Channel Is the New Perimeter

From Dial Tone to Domain Admin

The Recon Nobody's Testing For

Find out who in your company is exposed.

Mohammad Eshan

The Voice Channel Is the New Perimeter

From Dial Tone to Domain Admin

The Recon Nobody's Testing For