JS-Tap Mark II: Now with C2 Shenanigans
JS-Tap is a tool intended to help red teams attack web applications. I recently blogged about the data collection capabilities in JS-Tap version 1.0, and data…
Introducing Meta-Detector
In this blog post, I’m going to discuss a new Open-Source Intelligence (OSINT) tool I created to assist with collecting information about target organizations…
Most Reported Web Findings of 2023
I reviewed the findings from the application and API assessments that the TrustedSec Software Security Team conducted during 2023 to see what issues we were…
XZ Utils Made Me Paranoid
On March 28, 2024, the news about the XZ Utils backdoor came out. Since then, I’ve been thinking about how we could identify these backdoors before packages…
The Midnight Alert: Navigating the Dark Web Data Dilemma
In the dead of night, an ominous message hits your inbox: "Your company's sensitive data is for sale on the dark web." As the Chief Information Security…
Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
From June 2023 to March 2024, Microsoft Graph was vulnerable to a logging bypass that allowed attackers to perform password-spray attacks undetected. During…
Loading DLLs Reflections
We're back with another post about common malware techniques. This time we're not talking about process hollowing. We are going to branch off and talk about…
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 3
Related Requirements. This is part three (3) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of…
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 2
Risk Ranking. This is part two (2) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities.…
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 1
Vulnerability Identification. PCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities, and its predecessors in previous…
A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum
This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz. 1. Introduction. Last year, Andrew and I posted a four (4) part blog series…
Observations From Business Email Compromise (BEC) Attacks
Since joining TrustedSec, I have gotten to work numerous cases, and each of them is like unraveling a mystery to get at the truth—especially the situations…