by Ángel Suárez-Bárcena Martín | Feb 17, 2022 | Exploits, Featured, Labs, News, Newsletter, Techniques, Uncategorized
In this article, we’ll discuss some of the different ways we can execute arbitrary code or commands when we have already obtained Windows domain credentials, either in their plaintext form (user + password) or NTLM hashes. Even though the techniques described here are...
by Mike Zusman | May 20, 2021 | Featured, News, Strategy, Techniques
There are many different types of security assessment methodologies identified by cute color associations. Here are simple descriptions of the most popular to help you choose which approach is right for you. Your opinion on these descriptions may differ from mine, and...
by Ángel Suárez-Bárcena Martín | Apr 19, 2021 | CarveFacts, Featured, News, Uncategorized
Some organizations may believe that they are enforcing a second authorization factor when using Microsoft Single-Sign On on Azure Active Directory, but their configuration might have an easy way to bypass it. When configuring Conditional Access policies to enforce...
by Roman Faynberg | Apr 12, 2021 | Exploits, Featured, News, Techniques
You might have taken all the right steps to secure a corporate Windows workstation: your users are not running as local admins, endpoint protection is in place, service ACLs and file permissions are locked down, etc. Yet there is still a frequently overlooked...
by Brad Dixon | Apr 6, 2021 | CarveFacts, Featured, News
You can view decrypted TLS connections in Wireshark by creating a key log file using mitmproxy: Set an environment variable to point to the desired location to record the TLS encryption keys: export SSLKEYLOGFILE=$PWD/keylogfile.txt.Then start mitmproxy and proxy your...
by Jeremy Allen | Jan 11, 2021 | Featured, News, Strategy
This post is fundamentally about humans and how they achieve goals. It is about defeating our tendencies when solving hard problems and pushing the boundaries of our performance. I call it the Universal Principle of Smoothness, but it is really about the fundamental...