by Dylan Ross | Sep 29, 2022 | Exploits, News, Web
During a security assessment, we sometimes need to think outside of the box in order to find interesting and impactful exploits. To aid us in this, we can use protocol standards as a roadmap to assumptions that may be built into a piece of software. Oftentimes,...
by Roman Faynberg | Aug 29, 2022 | News
*Summary: this post talks about ways that organizations could implement security controls to log and audit code accesses to simplify incident response in the event of source code compromise.* A large part of Carve’s customer base is software development...
by Editor | Jul 11, 2022 | News
Atlanta, GA, July 11, 2022 – Today, iVision announced its acquisition of Plus+ Consulting, a digital transformation consultancy specializing in Microsoft Cloud and cybersecurity services. Today’s IT climate presents a wide array of exciting emerging...
by Ángel Suárez-Bárcena Martín | Feb 17, 2022 | Exploits, Featured, Labs, News, Newsletter, Techniques, Uncategorized
In this article, we’ll discuss some of the different ways we can execute arbitrary code or commands when we have already obtained Windows domain credentials, either in their plaintext form (user + password) or NTLM hashes. Even though the techniques described here are...
by Austin Ralls | Jan 10, 2022 | Labs, News, Techniques, Tools
BloodHound, available at bloodhound.readthedocs.io, maps Windows Active Directory permissions to a graph database that lets users trace attack paths using a GUI and a query system. To make that more concrete, BloodHound can answer questions such as: Who is allowed to...
by John Poch | Dec 27, 2021 | News, Strategy, Uncategorized, Web
Cybersecurity can be an endless game of cat and mouse, and attackers are constantly looking for ways into your organization. While major Internet and software providers, including the open source community, are constantly improving security technology, a notable area...
