Prepare to Write A Scanner Plugin Before Your Next Platform Test!

April 16, 2020
BurpSuite is a remarkably extensible platform. While I have written a number of extensions for testing specific applications, as well as more general extensions, one type of extension I had never attempted before was creating my own BurpSuite Scanner plugin. Because modern applications are increasingly difficult to exhaustively test for certain types of issues, I...

Building a “Quick” Lab Environment with Linux Containers

July 3, 2018
As a penetration tester, I often need to stand up small environments (and sometimes not so small) for a few different reasons—to try things out before making a mess of a client’s production system, to avoid being detected, or to use it simply for our own practice. A lot of us at TrustedSec are remote,...

Ruby ERB Template Injection

September 13, 2017
Written by Scott White & Geoff Walton. Templates are commonly used both client- and server-side in many of today’s web applications. Many template engines are available in several different programming languages. Some examples are Smarty, Mako, Jinja2, Jade, Velocity, FreeMarker, and Twig. Template injection is a type of injection attack that can have some particularly...

SHIPS version 2 Released! (major release)

March 16, 2016
The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton from TrustedSec to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts. Our goal is to make post exploitation more difficult and provide a...

The Internet Gets a Dress Code!

August 5, 2015
Next generation firewalls have been the buzz for a few years now, but only on some of my more recent field experiences have I encountered organizations doing what I really like to see being done with them. Next generation firewalls are really all about one thing in my opinion: real honest egress monitoring and they...

Scaling New Walls with Old Ladders

June 5, 2015
The security landscape is always changing. Both attackers and defenders are constantly facing new challenges. The content of the pentester’s toolbox today is very different from just a few short years ago, as is the array of technologies that network administrators and security practitioners have at their disposal to defend against increasingly capable threat agents. With...