digital and realistic sword graphic

From Scans to Adversary Emulation, Pentesting is Evolving Rapidly

June 14, 2018
Traditional pentesting is evolving as many companies are rapidly maturing their information security programs. Additionally, improvements in operating system hardening, endpoint protection agents, and security appliances are raising the bar for successful compromise and lateral movement. If you talk with pentesters across the industry, you will hear more and more positive stories about client security...
TrustedSec Blogs + Articles logo

Welcome to 2018! A Meltdown and Spectre Run-Through

January 6, 2018
Welcome to 2018! It’s only been a few days into the new year and we already have newly named bugs, thanks to the Google Project Zero, Cyberus Technology, and the Graz University of Technology. Jann Horn, Werner Haas, Thomas Prescher, Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz...
TrustedSec smiley icon

Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike

April 15, 2017
UPDATE: When posting this blog, we had not done the most recent patches for patch Tuesday (in March). This SMB flaw apparently was fixed on Tuesday with MS17-010. When we did our testing, we were out of the patch cycle for March. Clarified the blog post with the update and link to Microsoft below. Link...

Second – Larger – Ashley Madison Dump Released

August 20, 2015
A second – larger dump containing multiple files roughly around 19gigs was just released on TOP of the original dump two days ago with the Ashley Madison hack. It looks like it was in response to Avid Life (owner of Ashley Madison) response that the dump was not legitimate and fake. The Impact Team hackers...

Ashley Madison Hacked. Dump Released

August 19, 2015
Ashley Madison suffered a breach a number of months ago. The hackers called “Impact Team” stated that if Ashley Madison didn’t shut down, it would expose the databases and information hacked from the popular online cheating site. Today it appears that promise came true and Ashley Madison did not buckle or shut down. The database...

Malicious HTA’s not just for Spammers

July 24, 2015
Malicious HTML Applications (HTAs) are nothing new to the security world. A quick Google search will show you posts dating back to 2006 or earlier. At that time, they were primarily used in email phishing attacks as attachments. Currently, most if not all email appliances will flag or drop HTA attachments. If you need a...
  • Browse by Category

  • Clear Form