ADExplorer on Engagements

April 27, 2021
ADExplorer is a tool I have always had in my backpack. It can be useful for both offensive and defensive purposes, but in this post, I am going to focus more on its offensive use. The tool itself can be found here: A typical scenario I often face on engagements is that I have...

Companies on High Alert for Unemployment Fraud

April 15, 2021
Proactive Measures to Thwart Unemployment Fraud In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult...

BITS for Script Kiddies

April 13, 2021
Introduction Well, I finally popped a box, but the EDR keeps sucking up all my tools. There must be a way to do some basic things on the box without getting caught. How can I poke around and do some stuff without possibly burning all my tools? After all the hard work of getting onto...

Strength Training With Transport Cryptology: Part 2

March 30, 2021
In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you....

Strength Training With Transport Cryptology: Part 1

March 30, 2021
I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: Introducing new...

Practicing What We Preach

March 29, 2021
At TrustedSec, we work with a lot of Chief Security Officers. As a security company, it’s a role that we think is vitally important to every organization’s success. Historically, our entire team has made a collective effort to meet our own security goals. However, as we continue to grow, we recognize that having a central...
  • Browse by Category

  • Clear Form