close menu
Shop Our Merch Report A Breach 1-877-550-4728
Latest
Data Retention Practices – A Brief Overview
March 23, 2023
By Ryan Boyle in Privacy & GDPR Compliance Assessment
Featured
Looting iOS App’s Cache.db
December 1, 2022
By Drew Kirkpatrick in Application Security Assessment, Mobile Security Assessment, Penetration Testing, Program Assessment & Compliance, Program Development, Research, Security Testing & Analysis
Most Read
The Art of Bypassing Kerberoast Detections with Orpheus
November 17, 2022
By Ben Mauch in Penetration Testing, Purple Team Adversarial Detection & Countermeasures, Red Team Adversarial Attack Simulation, Research, Security Testing & Analysis
RPC Programming for the Aspiring Windows Developer

RPC Programming for the Aspiring Windows Developer

March 2, 2023
By Christopher Paschen in Research
As EDR/AV solutions have evolved, attackers, be they malicious or hired testers, need to improve their techniques by exploring new avenues of accomplishing common tasks. These methods evolve over time and sometimes even cycles as techniques become highly detected, then dropped, and later rediscovered. Over a series of posts, we are going to investigate mixing...
Top 5 things that will land an attacker in Azure Cloud - TrustedSec Blog

Top 5 Things That Will Land an Attacker in the Azure Cloud

February 21, 2023
By Edwin David in Application Security Assessment, Cloud Assessment, Cloud Penetration Testing, Office 365 Security Assessment, Password Audits
1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold...
BOFs for Script Kiddies on the TrustedSec Blog

BOFs for Script Kiddies

February 16, 2023
By Adam Todd in Incident Response, Incident Response & Forensics, Penetration Testing, Research, Security Testing & Analysis
Introduction I hope I don’t sound like a complete n00b, but what or who or where is a BOF? All the cool kids are talking about it, and I just smile and nod. Is he the newest Crypto billionaire, or is a meetup for like-minded hackers, or is it some other 1337 slang? I understand...
Azure AD Kerberos on the TrustedSec Security Blog

Azure AD Kerberos Tickets: Pivoting to the Cloud

February 9, 2023
By Edwin David in Active Directory Security Review, Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis
If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any...
ESXIArgs ransomware code

ESXiArgs: The code behind the ransomware

February 8, 2023
By Scott Nusbaum in Incident Response, Incident Response & Forensics
1 Deep Dive into an ESXi Ransomware TrustedSec’s Nick Gilberti wrote a great blog covering the ESXi ransomware’s shell script here. However, in this blog, we are going to dive a little deeper into the code behind this ransomware. The sample ransomware discussed was acquired from VirusTotal and Bleeping Computers forum. The following is a...
ESXiArgs on the TrustedSec Blog

ESXiArgs: What you need to know and how to protect your data

February 7, 2023
By Ashley Pearson, Nick Gilberti, Tyler Hudak, Liz Waddell, Justin Vaicaro, Steven Erwin, Shane Hartman, Olivia Cate and Thomas Millar in Incident Response, Incident Response & Forensics, Threat Hunting
Threat Overview Around February 03, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, it has been reported by the French CERT (CERT-FR), BleepingComputer, and other sources that the campaign leverages CVE-2021-21974, which is a three-year-old vulnerability in the OpenSLP component of the...

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form
3485 Southwestern Boulevard
Fairlawn, OH 44333
1-877-550-4728
  • Follow TrustedSec on Twitter
  • Connect with TrustedSec on LinkedIn
  • Get TrustedSec's RSS feed

Get TrustedSec in your inbox

Sign up to receive the latest in cybersecurity news and resources

    By submitting this form, I agree to receive marketing communications from TrustedSec, which I can unsubscribe from at any time.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    © Copyright 2023 by TrustedSec. All rights reserved.