Faux Ransomware Does Damage – WSJ

July 26, 2017 | By:

  Cyberattack wasn’t intended to extort money, rather aimed to cripple businesses… This week’s global virus outbreak that grounded airplanes in Ukraine, slowed FedEx courier deliveries in Europe and disrupted Maersk container ships around the world was devised simply to damage businesses, not earn profits for the hackers behind it, security experts now believe.


Computer Hackers Increasingly Eyeing ‘Smart Appliances’, Featuring Christopher Prewitt & Alex Hamerstone – Cleveland 19 News

July 24, 2017 | By:

Computer Hackers Increasingly Eyeing ‘Smart Appliances’ – Cleveland 19 News   CLEVELAND, OH (WOIO) -The Black Hat and Defcon cyber security conventions get underway this week in Las Vegas. Tens of thousands of computer experts will be gathering to discuss the latest threats and trends. They’ll also be receiving training to help businesses and consumers better protect their vital…


New Tool Release: NPS_Payload

July 23, 2017 | By:

Over the past year, we have seen a lot of research come out which highlights several of Microsoft’s native binaries which can be leveraged by an attacker to compromise or gain access to a system. One of these binaries, msbuild.exe, has proven very reliable in allowing us to gain a shell on a host in…


Social-Engineer Toolkit (SET) v7.7 “Blackout” Released

July 11, 2017 | By:

TrustedSec is proud to announce a major release of the Social-Engineer Toolkit (SET) v7.7. This version incorporates support for hostnames in the HTA attack vector, and a redesigned Java Applet attack vector. Java is still widely used in corporations and with a valid code signing certificate can be one of the easiest ways to get…


iCONIC Conference on Information Security, Featuring David Kennedy – CNBC

July 05, 2017 | By:

iCONIC Conference on Information Security, Featuring David Kennedy – CNBC  


What is WannaCry? Featuring David Kennedy – CNN

May 15, 2017 | By:

  What is WannaCry? Featuring David Kennedy – CNN


Hackers Demand Ransom in Major Cyber Attack, Featuring David Kennedy – CNN

May 13, 2017 | By:

Hackers Demand Ransom in Major Cyber Attack, Featuring David Kennedy – CNN  


Full Disclosure: Adobe ColdFusion Path Traversal for CVE-2010-2861

March 15, 2017 | By:

This blog was written by Scott White, Senior Principal Security Consultant, Web Application Team Lead – TrustedSec TL;DR: A publicly undisclosed pre-auth local file disclosure path in older Adobe ColdFusion products (8.0, 8.0.1, 9.0, 9.0.1 and earlier versions) exists at /CFIDE/debug/cf_debugFr.cfm?userPage=../../etc/hosts During a recent penetration test, a web site utilizing cfm pages was identified and…


OBD-II Break-Out Box (DIY Edition)

June 27, 2016 | By:

This blog was written by Jason Ashton, Security Consultant – TrustedSec When assessing a vehicle’s various electronic systems, the primary interface is the On-Board Diagnostics (OBD-II) port. This provides the connection to interface with the vehicle’s CANBus, among others. The CANBus has been utilized in vehicles within the US since the 90s and has been…


Introduction to GPU Password Cracking: Owning the LinkedIn Password Dump

June 17, 2016 | By:

This blog was written by Martin Bos, Senior Principal Security Consultant – TrustedSec Unless you’ve been living under a rock for the past few months you have probably heard about the dump from the 2012 LinkedIn hack being released.  TrustedSec was able to acquire a copy of the list and use it for research purposes. Our…