Cyber Security Resources
Whitepapers
Improve your cybersecurity by reading our whitepapers and learning from our experts
Labs
Take a look at our tools, presentations, and policies
Introducing the Carve gcptool
Today I’d like to introduce gcptool, a Google Cloud Platform (GCP) focused tool to assist with auditing a cloud configuration. Here at Carve, we frequently test the security of our customers' cloud configurations throughout the course of our projects. Most commonly, this includes AWS and...
An Introduction to Server-Side Template Injections with Flask
The idea of a web application template is basically what it sounds like. Imagine it is around the holidays and you are writing letters to 20+ relatives. Having to write 20+ letters to each relative eventually becomes a little tedious. Your letters may end up becoming something like this: Dear...
XSS through DHCP: How Attackers Use Standards
During a security assessment, we sometimes need to think outside of the box in order to find interesting and impactful exploits. To aid us in this, we can use protocol standards as a roadmap to assumptions that may be built into a piece of software. Oftentimes, breaking those assumptions means...
Simplify Incident Response with CI/CD and Other Code Access Auditing
*Summary: this post talks about ways that organizations could implement security controls to log and audit code accesses to simplify incident response in the event of source code compromise.* A large part of Carve's customer base is software development organizations, for whom the source code...
iVision Teams Up with Plus+ Consulting to Scale Microsoft Cloud and Cybersecurity Practices
Atlanta, GA, July 11, 2022 – Today, iVision announced its acquisition of Plus+ Consulting, a digital transformation consultancy specializing in Microsoft Cloud and cybersecurity services. Today's IT climate presents a wide array of exciting emerging technologies that drive business value,...
Practical Phishing Defense
In my previous post, we looked at some of the core areas an individual should check when identifying a phish. Learning those phishing red flags will help at the individual level, but you can take it even further by making use of various phishing defense techniques designed to operate at the...