by Meador Inge | Feb 18, 2020 | Cloud, Featured, News, Techniques, Tools, Web
Introduction At Carve we perform at a lot of web application security assessments. Once we (1) find a vulnerability, we (2) confirm that it’s reproducible, write a proof of concept (PoC) exploit for the vulnerability to determine the impact, and then (3) focus...
by Ángel Suárez-Bárcena Martín | Feb 18, 2020 | Labs, Techniques, Tools, Web
BurpSuite is one of those must-have tools when dealing with web application or API security assessments. Usually, when proxying applications through Burp, a fair amount of noise (advertising and user-tracking 3rd party services, CORS preflight checks, etc.) is also...
by Ángel Suárez-Bárcena Martín | Jan 23, 2020 | AWS, Cloud, News, Techniques
Security is often a big concern when it comes to cloud computing. According to the Cloud Security Alliance (CSA), traditional security issues under the responsibility of cloud service providers (CSPs) are now less frequent, in contrast with those related to design,...
by Danny Rosseau | Aug 30, 2019 | Android, Labs, Mobile, Techniques
One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I’ll try to use a bit of light threat modeling and...
by Danny Rosseau | Aug 22, 2019 | Android, Exploits, IOT, Labs, Mobile, Techniques
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
by Jonathan Wrightsell | Aug 21, 2019 | Labs, Techniques, Tools
When reverse engineering a binary application, at its lowest practical layer, the reverse engineer is looking at CPU-specific assembly language. In order to fully understand the application, the reverse engineer would need to understand those lower layers, instruction...
