Microsoft MVP Awards 2020

July 2, 2020
Who are MVPs? According to Microsoft, “Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community.” For more information on this award, visit the Microsoft MVP Overview page. Two members of the TrustedSec team are celebrating being recipients of the award from Microsoft—and both have received the honor in...

CVE-2020-2021: PAN-OS SAML Security Bypass

July 2, 2020
On June 29, 2020, Palo Alto released information on a Security Assertion Markup Language (SAML) authentication bypass CVE-2020-2021. Palo Alto published the advisory PAN-148988 for a critical issue affecting multiple versions of PAN-OS. An Overview of the Vulnerability Description: With network access to a device running a vulnerable version of PAN-OS and configured to use...

Are You Looking for Ants or Termites?

July 1, 2020
Over the last several months, I’ve noticed something when discussing Incident Response (IR) with clients. There is often confusion between the expectation and reality concerning the end results of an IR investigation. My goal here is to clarify and set those expectations, and to show how Threat Hunting factors in. When TrustedSec gets called to...

Questions after an assessment? Let TrustedSec be your guide.

June 29, 2020
Are you having trouble remediating your penetration test findings? It might be time to get some help from TrustedSec. After TrustedSec consultants complete security assessments, clients will often ask us to re-test the specific findings from the last test. But in many instances, those same problems exist—sometimes they are exactly the same, but other times,...

MSBuild: A Profitable Sidekick!

June 25, 2020
This blog post highlights some good techniques to use when restricted to testing an up-to-date Windows system with low-level user privileges (no local admin) through a Remote Desktop Protocol (RDP) connection. The Situation: At the start of this engagement, I faced the common task of needing to escalate privileges after acquiring low-level access to a...

Using Effectiveness Assessments to Identify Quick Wins

June 23, 2020
An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration...
  • Browse by Category

  • Clear Form