by Brad Dixon | Apr 6, 2021 | CarveFacts, Featured, News
You can view decrypted TLS connections in Wireshark by creating a key log file using mitmproxy: Set an environment variable to point to the desired location to record the TLS encryption keys: export SSLKEYLOGFILE=$PWD/keylogfile.txt.Then start mitmproxy and proxy your...
by Brad Dixon | Apr 3, 2020 | Cloud, Digital Transformation, Featured, News
Zoom has had a tough week. While usage has been setting new records they have had to cope with a slew of security gaffes that have received lots of media attention. Concern over some of these issues is justified. However, Zoom seems to be getting more than its fair...
by Brad Dixon | Aug 9, 2019 | Disclosures, News
If you missed Brad’s talk, sign up for his Webinar. You might not know it but right now thousands of athletes are training and competing in virtual worlds. I’m not talking about League of Legends or Fortnite. Those games aren’t the only eSports in...
by Brad Dixon | Apr 7, 2018 | Techniques, Tools
We perform application-level security assessments of APIs quite frequently. About a year ago I was working on a project with a large REST API. Roughly 1,300 routes implemented across dozens of micro-services with a very complex role based authorization framework....
by Brad Dixon | Apr 3, 2018 | IOT, Threat Modelling
I spent time in January improving my understanding of Global Navigation Satellite System (GNSS) technology and working on lab techniques to test GNSS dependency during security assessments. GNSS is a broader term referring to all satellite positioning systems such as...