Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Modern Web Application Content Discovery
Staring at a web app with no links and no navigation? In this blog, we break down modern content discovery, from forced browsing and web crawling to Google…

JQ for Hackers
Grey-bearded hackers and sysadmins still reaching for cut and CSV files, this one's for you. In this blog, we break down jq and why it's time to embrace JSON.

JS-Tap v3: Endpoint Post-Exploitation With JavaScript Implants
When I first wrote JS-Tap, the goal was to provide red teamers with a generic JavaScript payload that works without prior knowledge of a web application and…

Hardening Intune: The Implementation Guide
Part 2: Step-by-Step Configuration for Every Control. This is Part 2 of a two-part series on Intune security hardening. Part 1 covers the attacks we have seen…

How to Train Your (Dragons) Analysts - A TrustedSec Guide to Picking the Perfect Purple Team
Whether it be the advent of AI technologies, new Red-Team techniques and exploits, or new patches and emergent defensive technologies, it’s pretty clear to all…

The Privileged Roles Nobody Talks About
Part 1: Why Your MDM Platform is a Tier 0 Asset. This is Part 1 of a two-part series on Intune security hardening. This post covers what we have seen in real…

CMMC Conditional Status - Contracting Without Compliance
The CMMC rollout is progressing. Contracts that require a CMMC Level 2 (Self) self-assessment have been circulating since the start of Phase 1 in November…

PCI DSS, Telephone Payments, and the Problems With VoIP
Turns out your VoIP system has some opinions about your PCI DSS compliance. Director of Advisory Services Chris Camejo breaks down who's affected and how to…

Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem
Same worm, different wave. In our new blog, Director of Security Intelligence Carlos Perez covers Shai-Hulud, how this supply-chain malware can eat your whole…

Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflows
1.1 Introduction. Ralph is a solid tool that makes agents do…more. It's defined as: an autonomous AI agent loop that runs repeatedly until all PRD items are…

Finding Your Way on the Passkey Path
Ready to ditch passwords for good, but not sure where to start? Introducing Passkey Path, a choose-your-own-adventure guide to transitioning from passwords to…

Slamming the Door on Quick Assist Tech Support Scams and Abuse
Tech support scams are simple by design—just a trusted tool and a convincing story. We break down Microsoft Windows Quick Assist as an attack vector, detection…
