Cyber Security Resources
Whitepapers
Improve your cybersecurity by reading our whitepapers and learning from our experts
Labs
Take a look at our tools, presentations, and policies
Unintentionally exposing your organization to MFA bypasses on Azure Active Directory
Some organizations may believe that they are enforcing a second authorization factor when using Microsoft Single-Sign On on Azure Active Directory, but their configuration might have an easy way to bypass it. When configuring Conditional Access policies to enforce multi-factor authentication...
Secrets in Broad Daylight, or How $500,000/Year Software Can Help Hackers Compromise Your Network
You might have taken all the right steps to secure a corporate Windows workstation: your users are not running as local admins, endpoint protection is in place, service ACLs and file permissions are locked down, etc. Yet there is still a frequently overlooked enterprise software weakness that...
Decrypt TLS traffic with mitmproxy & Wireshark
You can view decrypted TLS connections in Wireshark by creating a key log file using mitmproxy: Set an environment variable to point to the desired location to record the TLS encryption keys: export SSLKEYLOGFILE=$PWD/keylogfile.txt.Then start mitmproxy and proxy your browser traffic through the...
Backend DDoS protection
Is your website hosted behind a CDN? Could an attacker brute force or guess your website's origin URL? Are your origin servers hardened against DDoS threats? A common website configuration consists of hosting your applications with infrastructure providers (e.g. Azure, AWS, Heroku,...
Universal Principle of Smoothness
This post is fundamentally about humans and how they achieve goals. It is about defeating our tendencies when solving hard problems and pushing the boundaries of our performance. I call it the Universal Principle of Smoothness, but it is really about the fundamental aspects of any endeavor. It is...
An Easy Cybersecurity Model for Busy Execs
Do you know what your organization's attack surface is? Attack surface is everything that a bad person (aka “attacker”) can interact with or touch. Your organization’s attack surface consists of PIA: People, Infrastructure and Applications. By considering the security of your own PIA, you will...
Stay Connected
Stay on top of the latest in cybersecurity tools, news, and opinion with @carvesystems on social media! Check out our blog for cyber tips, tricks, and all things infosec.