BloodHound, available at bloodhound.readthedocs.io, maps Windows Active Directory permissions to a graph database that lets users trace attack paths using a GUI and a query system. To make that more...
Cybersecurity can be an endless game of cat and mouse, and attackers are constantly looking for ways into your organization. While major Internet and software providers, including the open source...
Emails are sent from a source server to a destination server (sometimes through multiple hops) via the SMTP protocol. When you use a webmail client – think Gmail and Yahoo – to send an email, the...
Ask any cybersecurity professional if using self-signed SSL certificates is acceptable, and they’ll probably say “not really.” Ask why, and we’ll say “we can’t always know who’s behind...
In Carve’s internal engagement service line, we simulate an attacker on a corporate network, which is usually Windows-based. We use a variety of tools to gather information, but we were frustrated...
During scoping for penetration tests, customers often say that they want us to perform the engagement exactly as a bad actor would, with no collaboration from the customer’s IT or security teams...
Keeping track of your company’s public IP space is always a good idea. This means maintaining a centralized up-to-date list of: – All static IP blocks allocated to you (by an ISP) –...
If your user base is primarily IoT devices and your organization doesn’t want to manage passwords for each device, then it seems like a series of unguessable passwords such as “d3v1ce ” is the...