Creative Process Enumeration

September 5, 2023
Very often in engagements, you'll want to list out the processes running on a host. One thing that is beneficial to know is whether a process is a 64-bit or 32-bit process. Why do you need to know the process architecture, you might ask? The reasons are many, but one common example is that you...

Crafting Emails with HTML Injection

August 31, 2023
Have you ever wanted to send an email from a domain you don’t have SMTP credentials for? With some HTML injection, we may be able to do just that. From time to time, applications have a need to notify users that an action has occurred or that something in the application needs attention. This may...

The Client/Server Relationship — A Match Made In Heaven

August 17, 2023
This blog post was co-authored with Charlie Clark and Jonathan Johnson of Binary Defense. 1 Introduction One thing often forgotten is that detection engineering isn't always centered around 1 action to 1 query but also to drive effective incident response to optimize the triage of an alert. This is best served with context. We often...

Prefetch: The Little Snitch That Tells on You

July 25, 2023
Incident Response and forensic analysts use the contents of prefetch files in investigations to gather information, such as the source from which an executable was launched, how many times it was executed, what files it touched, and the date and time it was launched. A prefetch file is like the little brother that tells the...

Modeling Malicious Code: Hacking in 3D

July 13, 2023
Introduction Attackers are always looking for new ways to deliver or evade detection of their malicious code, scripts, executables, and other tools that will allow them to access a target. We on the Tactical Awareness and Countermeasures (TAC) team at TrustedSec strive to keep up with attacker techniques and look ahead to develop potential evolutions...

Chaining Vulnerabilities to Exploit POST Based Reflected XSS

July 6, 2023
Cross-Site Scripting (XSS) vulnerabilities are quite common in web applications. These vulnerabilities allow attackers to inject their own JavaScript into the application, which can have devastating impacts. TrustedSec regularly creates weaponized XSS payloads on engagements to perform malicious actions such as stealing documents we shouldn't have access to. One specific form of XSS vulnerability that...