close menu
Shop Our Merch Report A Breach 1-877-550-4728
Latest
What You Need to Know About SBOM
March 30, 2023
By Charles Yost in Incident Response, Incident Response & Forensics, Research
Featured
Looting iOS App’s Cache.db
December 1, 2022
By Drew Kirkpatrick in Application Security Assessment, Mobile Security Assessment, Penetration Testing, Program Assessment & Compliance, Program Development, Research, Security Testing & Analysis
Most Read
The Art of Bypassing Kerberoast Detections with Orpheus
November 17, 2022
By Ben Mauch in Penetration Testing, Purple Team Adversarial Detection & Countermeasures, Red Team Adversarial Attack Simulation, Research, Security Testing & Analysis

Setting the ‘Referer’ Header Using JavaScript

September 29, 2020
By Drew Kirkpatrick in Application Security Assessment, Mobile Security Assessment, Penetration Testing, Research, Security Testing & Analysis
Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense...

PentesterLab Pro Giveaway

April 3, 2020
By Drew Kirkpatrick in Penetration Testing, Security Testing & Analysis
We are excited to announce that we will be giving away 200 one-month subscriptions to PentesterLab Pro. During these challenging times, we hope that you will be able to use this learning resource to improve your web application testing skills. PentesterLab Pro is a leading industry tool designed to make learning web hacking easier. Using hands-on...

Tricks for Weaponizing XSS

March 30, 2020
By Drew Kirkpatrick in Application Security Assessment, Penetration Testing
In this blog post, we will look at some simple JavaScript tricks for creating weaponized cross-site scripting (XSS) payloads. If less reading more videoing is your thing, watch this topic in webinar form here: https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ Often, penetration testers use a simple alert(1) payload to demonstrate successful JavaScript execution when we identify an XSS vulnerability. While...
neurons inputs and outputs graphic

On the possibility of obfuscating code using neural networks

June 11, 2019
By Drew Kirkpatrick in Application Security Assessment, Penetration Testing, Security Testing & Analysis
In this blog post, I will cover the current state of my research investigating the possibility of using neural networks to hide shellcode. But before we dig in, I will provide a little background information. For those unfamiliar with neural networks, they are a type of computer system design that is inspired by how human...

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form
3485 Southwestern Boulevard
Fairlawn, OH 44333
1-877-550-4728
  • Follow TrustedSec on Twitter
  • Connect with TrustedSec on LinkedIn
  • Get TrustedSec's RSS feed

Get TrustedSec in your inbox

Sign up to receive the latest in cybersecurity news and resources

    By submitting this form, I agree to receive marketing communications from TrustedSec, which I can unsubscribe from at any time.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    © Copyright 2023 by TrustedSec. All rights reserved.