BLOG

How to Navigate the Hiring Process in 2022

Published: Jan 13, 2022 | Category: Blog

In today’s world of recruitment, things move at a fast pace. One of the most difficult parts of the hiring process, for both candidates and employers, is misalignment around speed and efficiency of the interview process. What are the important things to consider when structuring a hiring process? As a candidate how can you best […]

How We Use BloodHound and How it Can Help Defenders

Published: Jan 10, 2022 | Category: Blog

BloodHound, available at bloodhound.readthedocs.io, maps Windows Active Directory permissions to a graph database that lets users trace attack paths using a GUI and a query system. To make that more concrete, BloodHound can answer questions such as: Who is allowed to RDP to Computer132? Which computers does JohnSmith have admin access to? What are all the […]

How to Patch Log4j

Published: Jan 7, 2022 | Category: Blog

The security game is complex, and it’s a hard one to play and get right. The unfortunate reality is that the good guys have to be right consistently, whereas the bad guys only have to be right once. A prime example of this complex game is Log4j. Chances are, you either have extensive knowledge of […]

2021: The Year to Volunteer

Published: Dec 30, 2021 | Category: Blog

Despite the ups and downs of this year, we were able to maintain our commitment to service. We continued our remote efforts, including donor drives, walkathons for Charity Miles, our Acts of Kindness Challenge, participating in Giving Tuesday, etc. However, we were truly thrilled for the opportunity to return to in-person volunteer events. Our team members facilitated and participated in in-person volunteer events on their own, and we were […]

Four Easy Indicators of a Phish

Published: Dec 28, 2021 | Category: Blog

Cybersecurity can be an endless game of cat and mouse, and attackers are constantly looking for ways into your organization. While major Internet and software providers, including the open source community, are constantly improving security technology, a notable area of risk remains human: phishing. According to the 2021 Verizon Data Breach Investigations Report, phishing has remained […]

The Power of the Business Impact Analysis

Published: Dec 9, 2021 | Category: Blog

“Give me six hours to chop down a tree, and I will spend the first four sharpening the axe.” – Abraham Lincoln

As 2021 draws to a close and we prepare to welcome the new year, it is important to evaluate how your business and its needs have changed over the past year. Our reliance […]

The Rise of Mobile Malware

Published: Dec 3, 2021 | Category: Blog

Smartphones, tablets and other mobile devices have become ubiquitous in our society over the past few decades, leading to a world where many of us have one in our possession at all times. The sheer technical capabilities of these devices are tremendous, and they have provided innumerable advancements in efficiency and accessibility for individuals and […]

Inbox (1): Proper Email Authentication

Published: Nov 19, 2021 | Category: Blog

Emails are sent from a source server to a destination server (sometimes through multiple hops) via the SMTP protocol. When you use a webmail client – think Gmail and Yahoo – to send an email, the web server sends emails to its bundled SMTP server and handles authentication for you. When you send an email […]

The Root of Certificate Authorities

Published: Nov 11, 2021 | Category: Blog

Ask any cybersecurity professional if using self-signed SSL certificates is acceptable, and they’ll probably say “not really.” Ask why, and we’ll say “we can’t always know who’s behind the screen,” even though we really want to say “Man-in-the-Middle attack.” Then we’d advise your server to utilize a certificate issued by a Certificate Authority trusted by […]

Moving Your Network Operations Center Remote

Published: Nov 10, 2021 | Category: Blog

Ahh, the Network Operations Center. I have been working in a NOC in many capacities my entire career in IT. I have also had the chance to build one from the ground up, physically and operationally, including the continued facilities management. Most people in the industry have either worked in, around, with or are aware […]

Scanning SMB Shares with SMBLS

Published: Nov 4, 2021 | Category: Blog

In Carve’s internal engagement service line, we simulate an attacker on a corporate network, which is usually Windows-based. We use a variety of tools to gather information, but we were frustrated by reliability, performance and logging of tools dealing with scanning SMB shares, so we wrote a small Impacket-based tool as a replacement. The main […]

Navigating IT Solutioning in a Supply Shortage World

Published: Nov 3, 2021 | Category: Blog

How many times have you heard “long lead time,” “out of stock,” or “backordered” in the past few months? Vendors and IT professionals alike have had to get creative to solve the ever present challenges during this time of extreme demand and very low inventory. Unless you’ve been living under a rock, you’ve heard about […]
