A Career in IT: Where Do I Start?

May 25, 2021
It is, by far, the most frequent question I get asked: How do I get started in IT/InfoSec? So many seem interested in the field of computers, system administration, networking, or information security but have no idea where to start, which can be a frustrating place to be. This blog post is for all of...

Simple Data Exfiltration Through XSS

May 11, 2021
During a recent engagement, I found a cross-site scripting (XSS) vulnerability in a legal document management application and created a quick and dirty document exfiltration payload. Unfortunately, this discovery and coding happened on the final day of the engagement (*cough* reporting bonus hacking day), and I didn’t have a chance to actually put the exfiltrated...

PCI Specialist Art “Coop” Cooper Joins TrustedSec Team

April 29, 2021
When I founded TrustedSec in 2012, I knew exactly the type of person that I wanted to work alongside: talented, passionate about their corner of the security industry, and genuinely interested in helping anyone with the desire to learn more. After nearly a decade, I’m thrilled that TrustedSec is still able to add new people...

ADExplorer on Engagements

April 27, 2021
ADExplorer is a tool I have always had in my backpack. It can be useful for both offensive and defensive purposes, but in this post, I am going to focus more on its offensive use. The tool itself can be found here: https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer A typical scenario I often face on engagements is that I have...

Azure Application Proxy C2

April 21, 2021
With the ever-tightening defensive grip on techniques like domain fronting and detections becoming more effective at identifying common command and control (C2) traffic patterns, our ability to adapt to different egress methods is being tested. Of course, finding methods of pushing out C2 traffic can be a fun exercise during a Red Team engagement. A...

Companies on High Alert for Unemployment Fraud

April 15, 2021
Proactive Measures to Thwart Unemployment Fraud In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult...
  • Browse by Category

  • Clear Form