Is Zoom’s Lack of End-To-End Encryption a Problem?

April 2, 2020
All of the work-from-home activity coupled with all of the media about Zoom’s lack of end-to-end (E2E) encryption has resulted in a few clients asking us if Zoom can still be trusted to host meetings. It’s not exactly as they portray. For those of you catching up, Zoom’s privacy and security have been the target...

Tricks for Weaponizing XSS

March 30, 2020
In this blog post, we will look at some simple JavaScript tricks for creating weaponized cross-site scripting (XSS) payloads. If less reading more videoing is your thing, watch this topic in webinar form here: https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ Often, penetration testers use a simple alert(1) payload to demonstrate successful JavaScript execution when we identify an XSS vulnerability. While...

Working from Home Tips for Script Kiddies

March 26, 2020
Working from home seems like a dream. What is everyone complaining about? I can’t think of anything better than working from my couch in my hoodie and boxers. I don’t have to make small talk. I don’t have to go outside. I can just sit by myself, crank out the code, and catch up on...

Crossover Sec: Breaking Down the Silos

March 24, 2020
People who know me well, or who saw the Derbycon 6 talk I gave with Adam Hogan, “Adaptation of the Security Sub-Culture,” know of my non-InfoSec hobby and history of playing in loud bands that recorded and toured across the U.S. and Canada, mostly in the 90s. It was music in the 80s that had...

Upgrade Your Workflow, Part 2: Building Phishing Checklists

March 19, 2020
Continuing on the idea of creating checklists (see previous blog about OSINT checklists), I wanted to share my personal phishing checklist. This list is what I use to make sure I have covered all my bases before firing the email. Some of these items may or may not be used, depending on your pretext. TLDR:...

From the Desk of the CEO: Remote Security Testing vs. On-Site Testing: Understanding the Difference

March 19, 2020
With the COVID-19 pandemic underway, we’ve all had to adjust in ways we would have never imagined. Talking with peers in the industry, having to stand up a complete remote workforce overnight has been both challenging and rewarding. While there are bound to be hiccups and lapses in security, the ability for organizations to be...