A Discussion on Serverless Application Vulnerabilities

August 6, 2020
The main advantage of utilizing serverless architecture, such as Amazon Web Services (AWS), is that it is a great way to build applications without having to manage the infrastructure. The provider will provision, scale, and maintain the servers to run applications, databases, and storage systems. Naturally, this offloads the risk of server-side insecurities to the...

Malicious Macros for Script Kiddies

August 4, 2020
Introduction Macros seem like the new hotness amongst hackers, but I thought macros were just simple scripts that some accountant in finance used to simplify their spreadsheets. How can I use and abuse these things to Hack the Planet and rule the world? How can something designed in the 90s still be relevant? In previous...

The Updated Security Pro’s Guide to MDM, MAM, and BYOD

July 30, 2020
Bring your own device (BYOD) is an accepted convention, most commonly for mobile devices, in corporate environments. Even company-owned devices are treated by employees as personal devices and are often incorporated into the environment in the same way that employee-owned devices are. Our job in information security is to ensure that the business initiatives like...

Thycotic Secret Server: Offline Decryption Methodology

July 28, 2020
On offensive engagements, we frequently encounter centralized internal password managers that are used by various departments to store incredibly sensitive account information, such as Domain Admin accounts, API keys, credit card data, the works. It used to be that these systems were implemented without multi-factor authentication. “Hacking” them was as simple as finding somebody that...

From the Desk of the CEO: Jeremy Wolff Joins TrustedSec as Managing Director of Advisory

July 23, 2020
Today I’m proud to announce the hiring of Jeremy Wolff to run the Advisory Team at TrustedSec. As we see the security industry change, we also make our own internal adjustments to allow us to shift our business to match the needs of our customers. Bringing on Wolff is a direct response to new needs...

Azure Automation – Getting Started With Desired State Configurations

July 21, 2020
Azure brings a lot of new tools and capabilities to the IT and Information Security toolbox. In fact, there are so many features that it can be overwhelming and difficult to understand when or how to use them. I believe that the revamp of Desired State Configuration (DSC) within Azure is one of these overlooked...
  • Browse by Category

  • Clear Form