by Ángel Suárez-Bárcena Martín | Apr 19, 2021 | CarveFacts, Featured, News, Uncategorized
Some organizations may believe that they are enforcing a second authorization factor when using Microsoft Single-Sign On on Azure Active Directory, but their configuration might have an easy way to bypass it. When configuring Conditional Access policies to enforce...
by Ángel Suárez-Bárcena Martín | Feb 18, 2020 | Labs, Techniques, Tools, Web
BurpSuite is one of those must-have tools when dealing with web application or API security assessments. Usually, when proxying applications through Burp, a fair amount of noise (advertising and user-tracking 3rd party services, CORS preflight checks, etc.) is also...
by Ángel Suárez-Bárcena Martín | Jan 23, 2020 | AWS, Cloud, News, Techniques
Security is often a big concern when it comes to cloud computing. According to the Cloud Security Alliance (CSA), traditional security issues under the responsibility of cloud service providers (CSPs) are now less frequent, in contrast with those related to design,...
by Ángel Suárez-Bárcena Martín | Feb 1, 2019 | Labs, Techniques
Kaitai Struct is a general-purpose declarative language for describing binary data structures. With it we can parse binary file formats, in-memory data structures, network packets, etc. The target format to be parsed is first described in the Kaitai Struct language...
by Ángel Suárez-Bárcena Martín | Jul 26, 2018 | IOT, Labs, Techniques, Tools
In this series of blogposts we will cover advanced, security focused, aspects of the ESP8266 /ESP32 SoCs such as sniffing and injecting 802.11 and bluetooth packets, building proof-of-concept network implant devices, etc. The ESP8266 is a low-cost Wi-Fi capable...
