by Ángel Suárez-Bárcena Martín | Apr 19, 2021 | CarveFacts, Featured, News, Uncategorized
Some organizations may believe that they are enforcing a second authorization factor when using Microsoft Single-Sign On on Azure Active Directory, but their configuration might have an easy way to bypass it. When configuring Conditional Access policies to enforce...
by Roman Faynberg | Apr 12, 2021 | Exploits, Featured, News, Techniques
You might have taken all the right steps to secure a corporate Windows workstation: your users are not running as local admins, endpoint protection is in place, service ACLs and file permissions are locked down, etc. Yet there is still a frequently overlooked...
by Brad Dixon | Apr 6, 2021 | CarveFacts, Featured, News
You can view decrypted TLS connections in Wireshark by creating a key log file using mitmproxy: Set an environment variable to point to the desired location to record the TLS encryption keys: export SSLKEYLOGFILE=$PWD/keylogfile.txt.Then start mitmproxy and proxy your...
by Austin Ralls | Jan 27, 2021 | CarveFacts, Cloud, News
Is your website hosted behind a CDN? Could an attacker brute force or guess your website’s origin URL? Are your origin servers hardened against DDoS threats? A common website configuration consists of hosting your applications with infrastructure...
by Jeremy Allen | Jan 11, 2021 | Featured, News, Strategy
This post is fundamentally about humans and how they achieve goals. It is about defeating our tendencies when solving hard problems and pushing the boundaries of our performance. I call it the Universal Principle of Smoothness, but it is really about the fundamental...
by Mike Zusman | Jan 11, 2021 | Digital Transformation, Featured, News, Strategy, Threat Modelling
Do you know what your organization’s attack surface is? Attack surface is everything that a bad person (aka “attacker”) can interact with or touch. Your organization’s attack surface consists of PIA: People, Infrastructure and Applications. By considering the...
