Cyber Security Resources
Whitepapers
Improve your cybersecurity by reading our whitepapers and learning from our experts
Labs
Take a look at our tools, presentations, and policies
Credentialed Windows Remote Code Execution techniques
In this article, we’ll discuss some of the different ways we can execute arbitrary code or commands when we have already obtained Windows domain credentials, either in their plaintext form (user + password) or NTLM hashes. Even though the techniques described here are heavily focused on offensive...
In the News: Security Researchers hacked by North Korea
Last year, a group of US security researchers were targeted by North Korean backed black hat adversaries. Many reported the activity to the appropriate governmental channels, scrubbed their systems of the malware payloads and moved on. However, one targeted researcher known as Px4, disappointed by...
In the News: Log4J
Unless you’ve been living under a rock for the last month, you’ve definitely heard the technology community discussing the log4j vulnerability known as log4shell. If you have been living under a rock, feel free to catch up here. The danger of the vulnerability has been well covered, from the...
How we use BloodHound, and how it can help defenders: 3 ways IT analysts could use BloodHound to improve Windows domain security
BloodHound, available at bloodhound.readthedocs.io, maps Windows Active Directory permissions to a graph database that lets users trace attack paths using a GUI and a query system. To make that more concrete, BloodHound can answer questions such as: Who is allowed to RDP to Computer132?Which...
Four Easy Indicators of a Phish
Cybersecurity can be an endless game of cat and mouse, and attackers are constantly looking for ways into your organization. While major Internet and software providers, including the open source community, are constantly improving security technology, a notable area of risk remains human:...
Inbox (1): Proper Email Authentication
Emails are sent from a source server to a destination server (sometimes through multiple hops) via the SMTP protocol. When you use a webmail client - think Gmail and Yahoo - to send an email, the web server sends emails to its bundled SMTP server and handles authentication for you. When you send...
Stay Connected
Stay on top of the latest in cybersecurity tools, news, and opinion with @carvesystems on social media! Check out our blog for cyber tips, tricks, and all things infosec.