close menu
Shop Our Merch Report A Breach 1-877-550-4728
Latest
Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations
June 1, 2023
By Tyler Hudak in Incident Response, Incident Response & Forensics
Featured
Better Hacking Through Cracking: Know Your Rules
April 21, 2023
By TrustedSec in Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis
Most Read
Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)
March 17, 2023
By Olivia Cate, Justin Elze, Leo Bastidas, Robert R. Lee Jr., Andrew Schwartz, Carlos Perez and Oddvar Moe in Incident Response, Incident Response & Forensics, Purple Team Adversarial Detection & Countermeasures, Research, Vulnerability Assessment

JavaScript Essentials for Beginning Pentesters

May 23, 2023
By Luke Bremer in Penetration Testing
JavaScript is heavily used in almost all modern web applications. Knowing how to format a .js file, set breakpoints, and alter a script’s logic on the fly can be very helpful when working with web applications. To start, let’s navigate to a website and view the application’s resources. For our example, we are using the...

Cross Site Smallish Scripting (XSSS)

May 2, 2023
By Luke Bremer in Penetration Testing, Purple Team Adversarial Detection & Countermeasures
Having small XSS payloads or ways to shorten your payloads ensures that even the smallest unencoded output on a site can still lead to account compromise. A typical image tag with a onerror attribute takes up around 35 characters by itself. <img src=1 onerror="alert('XSS')"> If you would like to prove you can steal credentials or...

How to Get the Most Out of Your Pentest

October 27, 2022
By Luke Bremer in Organizational Training, Penetration Testing, Security Testing & Analysis, Training
TL;DR Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report will be. Select the right environment for the assessment. Consider the timing for performing the assessment. Communicate internally and make sure everyone is up to speed. Do...

Avoiding Mixed Content Errors with an HTTPS Python Server

February 17, 2022
By Luke Bremer in Application Security Assessment, Penetration Testing, Security Testing & Analysis
Disclaimer: To set up a secure Python server, we need a domain name that we can access. 1. Introduction At some point during penetration testing, bug hunting, and capture the flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we...

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form
3485 Southwestern Boulevard
Fairlawn, OH 44333
1-877-550-4728
  • Follow TrustedSec on Twitter
  • Connect with TrustedSec on LinkedIn
  • Get TrustedSec's RSS feed

Get TrustedSec in your inbox

Sign up to receive the latest in cybersecurity news and resources

    By submitting this form, I agree to receive marketing communications from TrustedSec, which I can unsubscribe from at any time.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    © Copyright 2023 by TrustedSec. All rights reserved.