8 Keys to Writing Safer Code

July 9, 2020
All too often, security in code is an afterthought. There’s a reason that bug bounties are so prevalent; as codebases get larger, testing gets harder. Add in the time constraints of a “move fast and break things” mentality and it’s no wonder so many security issues arise. The basics might be there, encrypted connections, hashed...

Microsoft MVP Awards 2020

July 2, 2020
Who are MVPs? According to Microsoft, “Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community.” For more information on this award, visit the Microsoft MVP Overview page. Two members of the TrustedSec team are celebrating being recipients of the award from Microsoft—and both have received the honor in...

CVE-2020-2021: PAN-OS SAML Security Bypass

July 2, 2020
On June 29, 2020, Palo Alto released information on a Security Assertion Markup Language (SAML) authentication bypass CVE-2020-2021. Palo Alto published the advisory PAN-148988 for a critical issue affecting multiple versions of PAN-OS. An Overview of the Vulnerability Description: With network access to a device running a vulnerable version of PAN-OS and configured to use...

Are You Looking for Ants or Termites?

July 1, 2020
Over the last several months, I’ve noticed something when discussing Incident Response (IR) with clients. There is often confusion between the expectation and reality concerning the end results of an IR investigation. My goal here is to clarify and set those expectations, and to show how Threat Hunting factors in. When TrustedSec gets called to...

Questions after an assessment? Let TrustedSec be your guide.

June 29, 2020
Are you having trouble remediating your penetration test findings? It might be time to get some help from TrustedSec. After TrustedSec consultants complete security assessments, clients will often ask us to re-test the specific findings from the last test. But in many instances, those same problems exist—sometimes they are exactly the same, but other times,...

MSBuild: A Profitable Sidekick!

June 25, 2020
This blog post highlights some good techniques to use when restricted to testing an up-to-date Windows system with low-level user privileges (no local admin) through a Remote Desktop Protocol (RDP) connection. The Situation: At the start of this engagement, I faced the common task of needing to escalate privileges after acquiring low-level access to a...
  • Browse by Category

  • Clear Form