Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)

March 17, 2023
Threat Overview: Earlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire year. This exploit has caught the attention of a hacking group linked to Russian military intelligence that is using it to target European organizations. CVE-2023-23397 allows threat actors to steal NTLM credentials of...

Diving into Pre-Created Computer Accounts

May 10, 2022
I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed...

CVE-2022-24696 – Glance by Mirametrix Privilege Escalation

March 11, 2022
When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the...

Oh, Behave! Figuring Out User Behavior

August 19, 2021
One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behavior becomes even more important when attempting to defeat the next generation of EDRs that...

ADExplorer on Engagements

April 27, 2021
ADExplorer is a tool I have always had in my backpack. It can be useful for both offensive and defensive purposes, but in this post, I am going to focus more on its offensive use. The tool itself can be found here: https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer. A typical scenario I often face on engagements is that I have...

4 Free Easy Wins That Make Red Teams Harder

December 10, 2020
In this post, I will cover some easy things that defenders can do to make it harder for attackers to succeed. As you all know, there is never a silver bullet when it comes to security, so these tips will only make it harder for attackers by focusing on the basics, and sometimes, that helps...