From the Desk of the CEO: Remote Security Testing vs. On-Site Testing: Understanding the Difference

March 19, 2020
With the COVID-19 pandemic underway, we’ve all had to adjust in ways we would have never imagined. Talking with peers in the industry, having to stand up a complete remote workforce overnight has been both challenging and rewarding. While there are bound to be hiccups and lapses in security, the ability for organizations to be...

From the Desk of the CEO: Securing the Future – Junior and Internship Programs

January 16, 2020
When TrustedSec first started, the vision was to build a team of amazing individuals that were passionate, dedicated, and focused on helping organizations fix the issues they face in cybersecurity. While we may have accomplished this, there’s always more to do. At TrustedSec, our mission to contribute to the industry and community has always remained...

Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution

January 10, 2020
On December 17, 2019, Citrix released a critical advisory that allows for remote code execution. Advisories like these come out often for organizations, and critical exposures are nothing new for any company. However, when digging into the remediation step details, this advisory gave a substantial amount of information on the exploit itself. What makes this...

A Message of Support: Coalfire Consultants Charged

October 30, 2019
If you haven’t been following recent news, two Coalfire employees, Gary DeMercurio and Justin Wynn, were performing a Physical Penetration Test against a Judicial Branch Building, the Dallas County Courthouse in the state of Iowa. The two employees were engaged by the Iowa State Judicial Branch to conduct the Physical Penetration Test, which is an...
weaponization code graphic

Weaponizing .SettingContent-ms Extensions for Code Execution

June 15, 2018
Matt Nelson (@engima0x3) from SpecterOps recently released a blog post on leveraging a newly discovered filetype extension with the possibility of command execution. This was a fantastic blog, and as attackers, we typically try to find multiple ways to execute code from different delivery systems. This blog is leveraging the awesome research from Matt and...
TrustedSec Blogs + Articles logo

Magic Unicorn v3.0 Released

March 23, 2018
TrustedSec is proud to announce the release of Magic Unicorn v3. This release incorporates one of the largest additions to Unicorn in three years. This version adds several enhancements including support for Cobalt Strike beacon into the PowerShell evasion framework built into Unicorn. In addition, Unicorn now supports your own shellcode to be inserted into...
  • Browse by Category

  • Clear Form