What are the opening hours?

Monday 09:00 - 18:00 Tuesday 09:00 - 18:00 Wednesday 09:00 - 18:00 Thursday 09:00 - 18:00 Friday 09:00 - 18:00

Logisek

Name: Logisek
Address: Koropí, GR
Telephone: +302106626841

Home
Greece
Koropí
Logisek

Stay one step ahead in the digital era with our professional Cyber security and IT Services

Logisek is a leading Cyber Security and IT services firm that was founded in Greece in 2008 and in Romania in 2019 and has since expanded to serve clients on a global scale. With nearly two decades of experience in this field, we specialize in providing comprehensive technological solutions aimed at helping businesses stay secure in the digital world. Our specialized team is committed to maintaini

ng its pioneering position in a constantly changing technological environment, offering our clients the best possible protection against cyber threats. Whether you're seeking cyber security assessments, managed IT services, or cloud solutions, we have the experience needed to support you in achieving your goals. Secure your digital future with the trusted Cyber Security and IT solutions we provide. CONTACT
Stay up to date with Logisek and follow the latest security and IT trends by following our official pages on:

⇢ LinkedIn: /logisek
⇢ Twitter - X: /logisekict
⇢ GitHub: /Logisek
⇢ Instagram: /logisek_ict

_______
✉ [email protected]
☎+30 21 0662 6841

29/05/2026

Is Not the Finish Line

In , proving a weakness exists is only the beginning. The real value starts when that finding is translated into what it could mean for production, safety, uptime, and recovery.

Your OT risk register should not be a list of vulnerabilities. It should be a map of operational consequences.

---

Beats Severity

In IT, criticality often follows exploitability, privilege escalation, or data exposure. In OT and environments, the impact picture is different.

A "medium" issue can become a serious operational risk if it affects production visibility, remote maintenance, batch control, safety monitoring, or recovery. CVSS alone cannot explain whether a weakness could delay operations, confuse operators, or disrupt trusted workflows.

---

Need Business Context

Weak credentials, exposed interfaces, poor segmentation, and limited monitoring may look like separate findings.
Together, they can form a realistic path from initial access to operational disruption.

That is why business context matters.

A finding becomes meaningful when it is tied to the workflow, asset, or operational dependency it could impact. Could this path affect operator visibility? Could it delay maintenance? Could it interfere with recovery? Could it create confusion during a production window?

---

The Best Deliverable Is a

Strong OT helps teams decide what to fix now, what needs a maintenance window, what requires compensating controls, and what belongs in a longer-term resilience plan.

In OT security, the best question is not "What did we find?" It is: "What should we do next, and why?"

- https://logisek.com

26/05/2026

The Behind the Crown Jewel

Most conversations start with the PLC. That makes sense, but attackers often ask a different question: "Which system already has the tools, trust, and context to control it?"

The most revealing system is often not the controller. It is the workstation sitting quietly beside it, holding the logic, tools, and access everyone trusts.

---

The Trusted Attackers Want

In many environments, the engineering workstation is not just another endpoint. It is the system used to configure, troubleshoot, maintain, and program controllers.

It may contain project files, vendor software, saved connection profiles, historical backups, controller logic, USB workflows, license tools, and privileged access into sensitive OT networks. In practical terms, compromising the system that programs the can be more dangerous than attacking the controller directly.

---

Why Context Beats

If attackers compromise an engineering workstation, they may be able to open a legitimate vendor application, load an existing project, connect through saved settings, and follow normal maintenance workflows.

That gives them three things defenders should care deeply about: context, tooling, and trust.

Project files can reveal logic, tag structures, IP addresses, device names, process assumptions, safety interlocks, and network paths. Saved credentials and shared engineering accounts can reduce the need for exploitation. USB workflows and vendor support access can create quiet movement paths between IT, vendors, and OT.

---

What Safe Should Prove

A strong engineering workstation assessment does not need to disrupt or modify live controller logic.

It should safely answer questions like:

- Can non-engineering users access project files?
- Are credentials stored in vendor tools or remote clients?
- Are shared accounts still active?
- Can the workstation reach controllers, HMIs, historians, or license servers?
- Are engineering actions visible in logs and change-control workflows?

The goal is not reckless exploitation. The goal is attack-path clarity.

- Instead of only asking, "Can someone exploit the PLC?"
- Ask, "What could an attacker do if they compromised the workstation used to program the PLC?"

- https://logisek.com

22/05/2026

Network First, Testing Second

In and , the first move should not be a scan. It should be understanding what the network is quietly telling you.

The Real Risk Is in the

One of the biggest mistakes in OT security is treating industrial environments like IT networks with unfamiliar protocols. They are not. A , , , engineering workstation, vendor , jump host, or backup server may not just be another asset. It may be part of a production process, a fragile legacy dependency, or a trusted pathway into critical operations.

---

Is Offensive Security

A meaningful OT starts with knowing what exists. Not an outdated spreadsheet, but a real view of assets, communication flows, network devices, remote access points, firewall rules, and trust relationships.

In OT, the attack path is often hidden in the architecture: a flat route between zones, vendor access landing too deep, engineering tools reaching too many PLC networks, or backups exposing project files and process context.

---

Before Aggressive Testing

Listening to traffic, reviewing configurations, mapping conduits, validating asset lists, and understanding normal behavior should come before noisy testing. Once the map is built, the right questions become sharper:

Can IT reach OT through an approved path?
Can vendor access bypass monitoring?
Can the SOC detect suspicious activity around historians, jump hosts, or engineering workstations?

---

Real OT offensive security is not about proving a controller can be disrupted. It is about understanding the environment deeply enough to identify paths that could become operational risk.

You cannot protect what you cannot see. You also cannot safely test what you do not understand.

- https://logisek.com

19/05/2026

Should Not Break

In OT and environments, a assessment should reduce risk, not create it. If testing disrupts production, safety, or process stability, the assessment has already failed.

Your OT security program should not be judged by how many vulnerabilities it finds. It should be judged by how safely it identifies the risks that could stop operations.

---

Why OT Requires a

environments are not traditional IT networks with different labels. Availability, safety, continuity, and operational stability are core requirements.

That means aggressive pe*******on testing against production PLCs, controllers, or critical assets should never be the default starting point.

The objective is not to "break" the environment. The objective is to understand realistic cyber risk without putting operations at risk.

---

The Three Questions That Matter

A strong OT should answer three practical questions:

- Who can access the OT environment?
- Where could an attacker enter from?
- If they get in, how far could they move before being detected?

To answer those questions, the assessment must look beyond the PLC. The real risk often sits around the industrial ecosystem: SCADA systems, OT networks, engineering workstations, historians, VPNs, remote access tools, vendor accounts, SaaS integrations, cloud connections, exposed services, credentials, and operational processes.

---

⚠️ Risk Often Starts Outside the Controller

In many environments, the highest-risk issue is not inside the controller itself.

It may be weak remote access, poor IT/OT segmentation, excessive vendor privileges, shared credentials, unmanaged cloud integrations, or limited monitoring between enterprise and operational networks.

That is why a safe assessment starts with architecture, access paths, trust relationships, and realistic attack routes from IT, cloud, remote access, and third parties toward OT systems.

---

Test Safely, Remediate Practically

Testing may include external attack surface review, SaaS and API pe*******on testing, segmentation validation, remote access review, and controlled internal attack path analysis.

For and critical OT assets, testing should remain OT-safe: passive discovery, configuration review, and non-intrusive validation unless there is approved scope, a maintenance window, rollback plan, or lab environment.

The final output should not be a vulnerability dump. It should be a remediation roadmap: what to fix first, what needs planning, what involves vendors, and what belongs in the next 30, 60, and 90 days.

OT security is not about proving systems can be broken. It is about reducing risk while protecting operations.

- https://logisek.com

15/05/2026

Starts With Trust

The most dangerous scams do not always look . Sometimes, they arrive as a simple text message from a name you already trust.

Your employees do not need to fall for a complex to create business risk. Sometimes, one convincing SMS is enough to start an account takeover.

---

The Behind a "Legitimate"

You receive a message from your bank, a delivery company, a phone provider, or a familiar online service. It says your account is locked, your package is delayed, your payment failed, or suspicious activity was detected.

The message feels urgent. The link looks close enough. The request sounds routine.

That is smishing.

Smishing is through SMS, and it works because attackers understand human behavior as well as technology. They use timing, fear, curiosity, and trust to push people into acting before they verify.

---

🔗 The Link Is Only Part of the

A smishing message often asks you to "verify your account", "confirm your delivery address", "pay a small fee", "reset your password", "approve a transaction", or "enter your one-time passcode".

None of these requests feel unusual in isolation. That is the problem.

If the message matches something happening in your life, such as waiting for a parcel or receiving a bank alert, your guard drops. Attackers rely on that moment of context to make the scam feel real.

---

Slow Down, Then Verify

The strongest is not panic. It is pause. Do not click links in unexpected SMS messages. Do not call numbers provided in suspicious texts. Do not enter passwords, card details, addresses, or one-time codes through a link sent by SMS.

Instead, open the app, type the website yourself, or call the number printed on your card or statement.

If the message is , delete it, block the sender, report it where possible, and warn others.

A short text can create urgency in seconds. A short pause can stop account takeover, fraud, and identity theft.

- https://logisek.com

12/05/2026

The Privilege Problem

Most breaches don’t become critical because of the initial compromise. They become critical because of what the attacker is allowed to do next.

---

Changes Everything

In many and engagements, low-privileged access is only the beginning. The real objective is understanding how permissions, trust relationships, and delegated access can be chained together.

And surprisingly, these paths rarely depend on sophisticated exploits. They emerge naturally over time.

Access expands. Legacy permissions remain. Temporary exceptions become permanent architecture.

Individually, none of these decisions appear dangerous. Collectively, they create invisible escalation paths across the environment.

---

Over

One of the hardest realities in modern security is this:

often do not need to exploit vulnerabilities at all.

They simply operate within legitimate mechanisms:

- Authentication workflows
- Delegation models
- Misaligned access controls
- Trusted relationships between systems

From the infrastructure’s perspective, everything looks normal. From the attacker’s perspective, it’s a roadmap.

---

⚙️ Least Privilege Is Not

Least privilege is not a one-time configuration exercise. It requires continuous validation.

Organizations that genuinely reduce risk are the ones that continuously test privilege boundaries, review delegated access, and identify escalation chains before adversaries do.

Because the real question is not: "Who has access?" It’s: "What can that access become?"

- https://logisek.com

06/05/2026

Time-to-Compromise Wins Every Time

Most organizations track visibility. Attackers track velocity.

That difference is why many environments are compromised long before defenders fully understand what’s happening. Most security metrics reassure executives while attackers continue moving uninterrupted inside the environment. Visibility without resistance creates a dangerous false sense of maturity.

---

The Illusion of

Security programs often measure success through telemetry:

- More EDR coverage
- More alerts
- More dashboards
- More logs

But care about one metric only: "How quickly can we reach the objective?"

---

⚡ Modern Are Systematic

Post-exploitation is no longer experimental. Attack paths are predictable because enterprise architectures are predictable.

Once initial access is achieved, the progression is usually efficient:

- Enumerate Active Directory and reachable systems
- Harvest credentials and tickets
- Reuse identity trust paths
- Move laterally through legitimate protocols
- Escalate privileges through delegation and ACL abuse

---

Is Happening Too Late

During engagements, one pattern appears repeatedly:

- Detection eventually occurs.
- Containment rarely occurs in time.

By the time alerts trigger on credential dumping or suspicious authentication behavior, attackers have often already:

- Expanded access
- Established persistence
- Reached critical systems

---

🛡️ Must Buy Time

Mature security programs are engineered to slow attackers down.

- Segmentation reduces lateral movement speed
- Credential protections limit privilege reuse
- Detection engineering correlates behavioral chains, not isolated events
- Identity hardening breaks deterministic attack paths

- https://logisek.com

05/05/2026

🎭 The With a Real Login Page

This technique is called code phishing, or OAuth device code flow abuse.

It abuses the 2.0 device authorization grant, originally designed for devices with limited input, like smart TVs, IoT devices, and CLI tools. The device shows a code, the user visits a verification URL, enters the code, and authenticates the device.

Microsoft implements this at microsoft.com/devicelogin.

Attackers weaponize that trust. They initiate a legitimate device code request against Microsoft’s identity platform, often impersonating apps like Microsoft Office, Teams, or Azure CLI. Microsoft returns a real code, usually valid for around 15 minutes. The victim is then asked to "verify their identity" or "join a Teams meeting" by entering that code on Microsoft’s real login page.

---

🧨 Why Still Passed

When the user completes the flow, they are not logging into their own session. They are authorizing the attacker’s session.

then issues access and refresh tokens to the attacker-controlled polling endpoint. Those tokens can provide access to mailboxes, SharePoint, Teams, and federated apps.

MFA passes because the user genuinely authenticated. Conditional Access may pass because the interaction appears to come from the user’s real device and location. Anti-phishing training fails because there is no fake domain to spot.

Microsoft has reported active device code phishing campaigns by Storm-2372, a threat actor assessed as likely aligned with Russian interests, active since August 2024 and observed targeting organizations through 2025.

---

🛡️ The Fix Is , Not More Posters

Block device code flow by default in Entra ID using Conditional Access authentication flow controls. Allow it only for specific users, apps, or scenarios that truly need it, such as kiosks or legacy CLI workflows.

Then alert on every successful device code authentication. In most environments, this should be rare, predictable, and easy to investigate.

- https://logisek.com

27/04/2026

Change. Foundations Don’t.

Every week there’s a new headline. Tomorrow, something else entirely. But here’s the uncomfortable truth: most breaches don’t need new threats, they exploit old, well-known weaknesses that were never properly addressed. AI just makes it faster, attackers move faster, while you keep operating at the same pace.

Instead of reacting to every new name in the threat landscape, take a step back and focus on what actually reduces risk. Perform a pentest now. Identify your real security gaps under realistic conditions. Prioritize and remediate critical and high-risk findings. Follow up with configuration audits and structured security hardening across your infrastructure.

This is how you build confidence in your , not by chasing headlines, but by systematically eliminating the weaknesses attackers consistently rely on.

---

The of "New" Risk

names evolve faster than defenses. Yet during engagements, we rarely need zero-days. Misconfigurations, weak identity controls, and poor segmentation still open the door. The "new threat" narrative often distracts from the real issue: inconsistent fundamentals.

---

Over Panic

isn’t about chasing headlines, it’s about building resilience. Harden your systems. Validate configurations. Test assumptions. A well-executed security assessment or pentest doesn’t just find vulnerabilities, it measures how well your defenses actually hold under pressure.

---

What Actually Works

- Consistent baselines.
- Regular, realistic .
- Continuous of controls.

This is where confidence comes from, not from reacting to every new name in the threat landscape.

If lateral movement is nearly eliminated, your external attack surface is minimal, your workstations are hardened with no admin privileges and unknown executables blocked, and your internal network has nothing more than moderate and low findings, does it really matter what the next threat is called?

If you know your systems and understand your threats, you need not fear the outcome of any attack.

- https://logisek.com

25/04/2026

The 3-Letter Nobody Notices

It doesn’t start with or . It starts with three innocent letters typed too quickly, a file shared with the wrong person, unnoticed, until months later when the mistake finally surfaces.

---

The Hidden Risk in "gpa*"

During assumed breach exercises and , we repeatedly uncover a subtle but dangerous pattern in OneDrive and SharePoint. Users often share access by typing just the first 2–3 letters of a name, "gpa*", assuming the right person will be selected. But in environments with similar usernames (e.g., gpappas, gpapadopoulos), access frequently lands in the wrong hands.

---

⚠️ How Mistakes Become Exposure

The error often goes unnoticed. The intended recipient eventually asks for access, and the owner simply adds them, without removing the unintended user. Not out of negligence, but due to time pressure and lack of visibility. Over time, these small oversights compound into silent data exposure.

---

Why This Is a Security Problem

Attackers don’t need to break in when access is already misconfigured, and insider threats thrive in the same gaps. Regular audits, access reviews, and smarter sharing controls are not optional; they are essential. Not surprisingly, during audits, clients are often shocked to discover just how many unintended users have access.

- https://logisek.com

Address

Koropí

Opening Hours

Monday	09:00 - 18:00
Tuesday	09:00 - 18:00
Wednesday	09:00 - 18:00
Thursday	09:00 - 18:00
Friday	09:00 - 18:00

Telephone

+302106626841

Website

https://logisek.com/

Alerts

Be the first to know and let us send you an email when Logisek posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Logisek:

Shortcuts

Address
Telephone
Opening Hours
Alerts
Contact The Business
Claim ownership or report listing