by Ángel Suárez-Bárcena Martín | Feb 17, 2022 | Exploits, Featured, Labs, News, Newsletter, Techniques, Uncategorized
In this article, we’ll discuss some of the different ways we can execute arbitrary code or commands when we have already obtained Windows domain credentials, either in their plaintext form (user + password) or NTLM hashes. Even though the techniques described here are...
by Austin Ralls | Jan 10, 2022 | Labs, News, Techniques, Tools
BloodHound, available at bloodhound.readthedocs.io, maps Windows Active Directory permissions to a graph database that lets users trace attack paths using a GUI and a query system. To make that more concrete, BloodHound can answer questions such as: Who is allowed to...
by Austin Ralls | Nov 3, 2021 | Labs, News, Techniques, Tools, Uncategorized
In Carve’s internal engagement service line, we simulate an attacker on a corporate network, which is usually Windows-based. We use a variety of tools to gather information, but we were frustrated by reliability, performance and logging of tools dealing with...
by Jeff Ake | Oct 25, 2021 | CarveFacts, News, Strategy, Techniques
During scoping for penetration tests, customers often say that they want us to perform the engagement exactly as a bad actor would, with no collaboration from the customer’s IT or security teams and no access to inside information. This is known as a black box...
by Ángel Suárez-Bárcena Martín | May 27, 2021 | AWS, Cloud, News, Techniques
Security is often a big concern when it comes to cloud computing. According to the Cloud Security Alliance (CSA), traditional security issues under the responsibility of cloud service providers (CSPs) are now less frequent, in contrast with those related to design,...
by Mike Zusman | May 20, 2021 | Featured, News, Strategy, Techniques
There are many different types of security assessment methodologies identified by cute color associations. Here are simple descriptions of the most popular to help you choose which approach is right for you. Your opinion on these descriptions may differ from mine, and...
