• Home
  • About Us
  • Security Services
    • Testing
    • Strategy
    • Engineering
  • Careers
  • Resources
    • Blog
    • Whitepapers
    • Labs
  • Contact
  • Request a Quote
Credentialed Windows Remote Code Execution techniques

Credentialed Windows Remote Code Execution techniques

by Ángel Suárez-Bárcena Martín | Feb 17, 2022 | Exploits, Featured, Labs, News, Newsletter, Techniques, Uncategorized

In this article, we’ll discuss some of the different ways we can execute arbitrary code or commands when we have already obtained Windows domain credentials, either in their plaintext form (user + password) or NTLM hashes. Even though the techniques described here are...
Three Most Common Security Mistakes Seen During AWS Application Assessments

Three Most Common Security Mistakes Seen During AWS Application Assessments

by Ángel Suárez-Bárcena Martín | May 27, 2021 | AWS, Cloud, News, Techniques

Security is often a big concern when it comes to cloud computing. According to the Cloud Security Alliance (CSA), traditional security issues under the responsibility of cloud service providers (CSPs) are now less frequent, in contrast with those related to design,...

Unintentionally exposing your organization to MFA bypasses on Azure Active Directory

by Ángel Suárez-Bárcena Martín | Apr 19, 2021 | CarveFacts, Featured, News, Uncategorized

Some organizations may believe that they are enforcing a second authorization factor when using Microsoft Single-Sign On on Azure Active Directory, but their configuration might have an easy way to bypass it. When configuring Conditional Access policies to enforce...
Rule-Based Highlighter Plugin for BurpSuite

Rule-Based Highlighter Plugin for BurpSuite

by Ángel Suárez-Bárcena Martín | Feb 18, 2020 | Labs, Techniques, Tools, Web

BurpSuite is one of those must-have tools when dealing with web application or API security assessments. Usually, when proxying applications through Burp, a fair amount of noise (advertising and user-tracking 3rd party services, CORS preflight checks, etc.) is also...
Parsing Binaries with Kaitai Struct

Parsing Binaries with Kaitai Struct

by Ángel Suárez-Bárcena Martín | Feb 1, 2019 | Labs, Techniques

Kaitai Struct is a general-purpose declarative language for describing binary data structures. With it we can parse binary file formats, in-memory data structures, network packets, etc. The target format to be parsed is first described in the Kaitai Struct language...
« Older Entries

Search

Want a Quote?

Request A Quote

The Carve Report

A monthly email from the security experts at Carve Systems.

Sign up

Categories

Recent Posts

  • Cook With Carve: Baked Chicken Katsu

Request a Quote



Office

600 5th Avenue, 2nd Floor
C/O Studio at Rockefeller Center
New York, New York 10020


Contact Us

Call us:
201-632-3422
Email us:
info@carvesystems.com



The Carve Report

A monthly email from the security experts at Carve Systems.

Sign up


Follow Us

  • Follow
  • Follow
  • Follow
  • Follow

Carve Systems © 2020 | Privacy Policy