by Mike Zusman | Dec 28, 2020 | Cloud, Digital Transformation, IOT, Mobile, News, Techniques, Web
Carve COO Max Sobell presenting on “Shifting Security Left” at Giphy HQ. Many a CTO and VP of Engineering has begrudgingly spent money on penetration tests in order to make their enterprise customers or auditors happy. You know how it goes: your team...
by Danny Rosseau | Jan 13, 2020 | Exploits, IOT, Labs
Back when I first read about this thing called “hacking” I thought I’d be spending all my days overflowing NSA buffers with plagiarized shell code and going by some cool hacker name like “1337BadGeR”. Sadly for me, upon entering the actual world, I had to get back in...
by Danny Rosseau | Aug 22, 2019 | Android, Exploits, IOT, Labs, Mobile, Techniques
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
by Ángel Suárez-Bárcena Martín | Jul 26, 2018 | IOT, Labs, Techniques, Tools
In this series of blogposts we will cover advanced, security focused, aspects of the ESP8266 /ESP32 SoCs such as sniffing and injecting 802.11 and bluetooth packets, building proof-of-concept network implant devices, etc. The ESP8266 is a low-cost Wi-Fi capable...
by Brad Dixon | Apr 3, 2018 | IOT, Threat Modelling
I spent time in January improving my understanding of Global Navigation Satellite System (GNSS) technology and working on lab techniques to test GNSS dependency during security assessments. GNSS is a broader term referring to all satellite positioning systems such as...
by Brad Dixon | Sep 20, 2017 | IOT, Techniques
A very typical security assessment and penetration test for Carve involves a device, multiple RF communications interfaces (cellular, WiFi, Bluetooth, ZigBee, some mutant 802.15.4 based stack, etc.) and one or more back-end services. Getting access to all of these...
