LastPass Security Vulnerability: How Credentials are Accessed in Memory

October 25, 2022
In this video, our Principal Research Analyst Scott Nusbaum goes over his research on LastPass Password Manager. He discusses how the credentials are exposed in memory to an attacker that is present on the host and is able to access the browser process. He also goes over on how LastPass could modify their extension to...

Video Blog: Using DLL Persist to Avoid Detection

September 12, 2022
During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker then modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code...

Become The Malware Analyst Series: PowerShell Obfuscation Shellcode

August 20, 2020
In this second installment of the ‘Become a Malware Analyst Series,” Principal Incident Response & Research Consultant Scott Nusbaum focuses on PowerShell obfuscation by analyzing a PowerShell sample that was identified during an incident response. Scott will also touch on methods and tools to identify common Metasploit function hashes.

Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

July 7, 2020
In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video is...

Access Locked Files With TScopy

June 11, 2020
Wanted: TScopy Tool Testers GitHub Repo https://github.com/trustedsec/tscopy Introducing TScopy It is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. TScopy...

Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server

February 28, 2020
Microsoft recently released a patch for all versions of the Microsoft Exchange server. This patch fixes a Remote Code Execution flaw that allows an attacker to send a specially crafted payload to the server and have it execute an embedded command. Researchers released proof of concept (POC) exploits for this vulnerability on February 24, 2020....
  • Browse by Category

  • Clear Form