Hardening Backups Against Ransomware

September 29, 2022
Human-operated ransomware represents a unique challenge to backup infrastructures. Unlike in other scenarios, ransomware attackers specifically target and attempt to destroy backup systems to increase the likelihood that a victimized organization will pay the ransom. This threat requires a different approach to securing backup infrastructure. The Old Ways Are Not Enough Traditionally, enterprise backup infrastructures...

Working with data in JSON format

September 27, 2022
What is JSON? What is JSON? JSON is an acronym for JavaScript Object Notation. For years it has been in use as a common serialization format for APIs across the web. It also has gained favor as a format for logging (particularly for use in structured logging). Now, it has become even more common for...

Watch Out for UUIDs in Request Parameters

September 22, 2022
The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which...

Practical Attacks against NTLMv1

September 15, 2022
1.1      Introduction This blog is meant to serve as a guide for practical exploitation of systems that allow for the NTLMv1 authentication protocol. While NTLMv1 is hardly ever needed anymore, a surprising number of organizations still use it, perhaps unknowingly. There are however some VPN products that still currently instruct their users to downgrade NLTM...

How Your Team’s Culture Determines the Value of Your Tabletop Exercise

September 13, 2022
A tabletop exercise (TTX) measures more than an organization’s technical capabilities and adherence to an incident response plan—it facilitates the confluence of personalities and team cultures, in turn revealing friction not only in processes but also in team dynamics. The success of an organization’s response in both a TTX scenario and, more importantly, a real-world...

Video Blog: Using DLL Persist to Avoid Detection

September 12, 2022
During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker then modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code...
  • Browse by Category

  • Clear Form