Skip to Main Content
All Trimarc services are now delivered through TrustedSec! Learn more

The Security Blog

Get up-to-date security insights, tips, and tricks from our amazing team sent to your inbox.

Browse our blogs

We cover it all in The Security Blog. Discover what you’ve been looking for.

Topics
Author
Blog July 08 2025

CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe

While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…

Read about this article
Blog July 01 2025

Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide

In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…

Read about this article
Blog June 24 2025

NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”

As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…

Read about this article
Blog June 17 2025

Attacking JWT using X509 Certificates

Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…

Read about this article
Blog June 13 2025

Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs

Figure 1 - We take our work very seriously. Capturing Hashes with DragonHashChromium-based browsers have an odd feature set that allows extensive drag-and-drop…

Read about this article
Blog June 12 2025

Hunting Deserialization Vulnerabilities With Claude

In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP).SetupBefore we can start vibe hacking, we…

Read about this article
Blog June 10 2025

Common Mobile Device Threat Vectors

Mobile devices are a must have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data.…

Read about this article
Blog June 05 2025

Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?

Another year, another vuln…It's that time again.Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could…

Read about this article
Blog June 03 2025

Teaching a New Dog Old Tricks - Phishing With MCP

As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it…

Read about this article
Blog May 29 2025

Apples, Pears, and Oranges: Not All Pentest Firms Are the Same

Penetration testing is not a commodity service. If you are a procurer of penetration tests and have ever received wildly different quotes for the "same"…

Read about this article
Blog May 22 2025

AppSec Cheat Sheet: Session Management

Session Management Testing - CookiesThe Cheat Sheet section is for quick reference and to make sure steps don’t get missed.The Learn section is for those who…

Read about this article
Blog May 20 2025

Red Team Gold: Extracting Credentials from MDT Shares

When it comes to targeting enterprise deployment infrastructure during a Red Team engagement, SCCM (System Center Configuration Manager) tends to get all the…

Read about this article