close menu
Shop Our Merch Report A Breach 1-877-550-4728
Latest
Basic Authentication Versus CSRF
September 21, 2023
By Joe Sullivan in Application Security Assessment, Security Testing & Analysis
Featured
Okta for Red Teamers
September 18, 2023
By Adam Chester in Red Team Adversarial Attack Simulation
Most Read
Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction
June 27, 2023
By Joe Sullivan in Application Security Assessment, Penetration Testing, Security Testing & Analysis

Creative Process Enumeration

September 5, 2023
By Oddvar Moe in Red Team Adversarial Attack Simulation
Very often in engagements, you’ll want to list out processes running on a host. One thing that is beneficial is to know is if the processes is a 64-bit or 32-bit process. Why do you need to know the process architecture, you might ask? The reasons are many, but one common example is that you...

Crafting Emails with HTML Injection

August 31, 2023
By Luke Bremer in Application Security Assessment
Have you ever wanted to send an email from a domain you don’t have SMTP credentials for? With some HTML injection, we may be able to do just that. From time to time, applications have a need to notify users that an action has occurred or that something in the application needs attention. This may...

The Client/Server Relationship — A Match Made In Heaven

August 17, 2023
By Andrew Schwartz in Purple Team Adversarial Detection & Countermeasures
This blog post was co-authored with Charlie Clark and Jonathan Johnson of Binary Defense. 1    Introduction One thing often forgotten is that detection engineering isn’t always centered around 1 action to 1 query but also to drive effective incident response to optimize the triage of an alert. This is best served with context. We often...

Prefetch: The Little Snitch That Tells on You

July 25, 2023
By Shane Hartman in Incident Response, Incident Response & Forensics
Incident Response and forensic analysts use the contents of prefetch files in investigations to gather information, such as the source from which an executable was launched, how many times it was executed, what files it touched, and the date and time it was launched. A prefetch file is like the little brother that tells the...

Modeling Malicious Code: Hacking in 3D

July 13, 2023
By Zach Bevilacqua in Penetration Testing, Purple Team Adversarial Detection & Countermeasures, Red Team Adversarial Attack Simulation, Research
Introduction Attackers are always looking for new ways to deliver or evade detection of their malicious code, scripts, executables, and other tools that will allow them to access a target. We on the Tactical Awareness and Countermeasures (TAC) team at TrustedSec strive to keep up with attacker techniques and look ahead to develop potential evolutions...

Chaining Vulnerabilities to Exploit POST Based Reflected XSS

July 6, 2023
By Drew Kirkpatrick in Penetration Testing, Research, Vulnerability Assessment
Cross-Site Scripting (XSS) vulnerabilities are quite common in web applications. These vulnerabilities allow attackers to inject their own JavaScript into the application which can have devastating impacts. TrustedSec regularly creates weaponized XSS payloads on engagements to perform malicious actions such as stealing documents we shouldn’t have access to. One specific form of XSS vulnerability that...

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form
3485 Southwestern Boulevard
Fairlawn, OH 44333
1-877-550-4728
  • Follow TrustedSec on Twitter
  • Connect with TrustedSec on LinkedIn
  • Get TrustedSec's RSS feed

Get TrustedSec in your inbox

Sign up to receive the latest in cybersecurity news and resources

    By submitting this form, I agree to receive marketing communications from TrustedSec, which I can unsubscribe from at any time.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    © Copyright 2023 by TrustedSec. All rights reserved.