
The Security Blog

Blog July 17 2025

Hiding in the Shadows: Covert Tunnels via QEMU Virtualization

Attackers are getting increasingly creative—not just with their payloads, but with how they deliver and operate them. In a recent Incident Response engagement,…

Blog July 15 2025

HIPAA, HITECH, and HITRUST - It’s HI Time to Make Sense of it All

Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all…

Blog July 10 2025

Azure's Front Door WAF WTF: IP Restriction Bypass

The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse?…

Blog July 08 2025

CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe

While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…

Blog July 01 2025

Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide

In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…

Blog June 24 2025

NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”

As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…

Blog June 17 2025

Attacking JWT using X509 Certificates

Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…

Blog June 13 2025

Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs

Figure 1 - We take our work very seriously. Capturing Hashes with DragonHash: Chromium-based browsers have an odd feature set that allows extensive drag-and-drop…

Blog June 12 2025

Hunting Deserialization Vulnerabilities With Claude

In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP). Setup: Before we can start vibe hacking, we…

Blog June 10 2025

Common Mobile Device Threat Vectors

Mobile devices are a must have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data.…

Blog June 05 2025

Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?

Another year, another vuln… It's that time again. Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could…

Blog June 03 2025

Teaching a New Dog Old Tricks - Phishing With MCP

As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it…

