Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution

January 10, 2020
On December 17, 2019, Citrix released a critical advisory that allows for remote code execution. Advisories like these come out often for organizations, and critical exposures are nothing new for any company. However, when digging into the remediation step details, this advisory gave a substantial amount of information on the exploit itself. What makes this...

A Message of Support: Coalfire Consultants Charged

October 30, 2019
If you haven’t been following recent news, two Coalfire employees, Gary DeMercurio and Justin Wynn, were performing a Physical Penetration Test against a Judicial Branch Building, the Dallas County Courthouse in the state of Iowa. The two employees were engaged by the Iowa State Judicial Branch to conduct the Physical Penetration Test, which is an...
weaponization code graphic

Weaponizing .SettingContent-ms Extensions for Code Execution

June 15, 2018
Matt Nelson (@engima0x3) from SpecterOps recently released a blog post on leveraging a newly discovered filetype extension with the possibility of command execution. This was a fantastic blog, and as attackers, we typically try to find multiple ways to execute code from different delivery systems. This blog is leveraging the awesome research from Matt and...
TrustedSec Blogs + Articles logo

Magic Unicorn v3.0 Released

March 23, 2018
TrustedSec is proud to announce the release of Magic Unicorn v3. This release incorporates one of the largest additions to Unicorn in three years. This version adds several enhancements including support for Cobalt Strike beacon into the PowerShell evasion framework built into Unicorn. In addition, Unicorn now supports your own shellcode to be inserted into...
TrustedSec Blogs + Articles logo

Carlos Perez (darkoperator) joins the TrustedSec team!

February 19, 2018
TrustedSec is proud to announce the hiring of Carlos Perez (@Carlos_Perez) to run the Research and Development team. At TrustedSec, we continue to expand our tooling, capabilities, and talent within the organization. With the addition to Carlos coming aboard, we continue to hire specialized, passionate, and highly skilled people. Carlos has been a friend for...
TrustedSec Blogs + Articles logo

More Complex Intruder Attacks with Burp!

December 21, 2017
Recently I was performing an external penetration test, and there was not a lot of attack surface but there was a firewall device present with one of those browser based SSL VPN services. Without a lot to go on other than some usernames gathered from LinkedIn, this seemed like a door worth trying to force....
  • Browse by Category

  • Clear Form