Take a look at our tools, presentations, and policies.
BurpSuite is one of those must-have tools when dealing with web application or API security assessments. Usually, when proxying applications through Burp, a fair amount of noise (advertising and user-tracking 3rd party services, CORS preflight checks, etc.) is also...
Back when I first read about this thing called “hacking” I thought I’d be spending all my days overflowing NSA buffers with plagiarized shell code and going by some cool hacker name like “1337BadGeR”. Sadly for me, upon entering the actual world, I had to get back in...
Asset management is a problem we help many of our customers with. What are an organization's assets, and how accurate and up-to-date is this information? Even with a mature asset management program, organizations want some form of validation of their result. From a...
One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I'll try to use a bit of light threat modeling and risk...
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
When reverse engineering a binary application, at its lowest practical layer, the reverse engineer is looking at CPU-specific assembly language. In order to fully understand the application, the reverse engineer would need to understand those lower layers, instruction...
- Edison Mail Advisory – August 2019
- Qolsys Advisory – October 2015
- Systech Advisory – April 2016
- Sierra Wireless Advisory – June 2016
- Netcomm Wireless Advisory – June 2016
- 2016 April – Computers Everywhere (IoT)
- 2016 August – pin2pwn Howto Root an Embedded Linux Box With A Sewing Needle
Stay on top of the latest in cybersecurity tools, news, and opinion with @carvesystems on social media! Check out our blog for cyber tips, tricks, and all things infosec.