Making SMB Accessible with NTLMquic

April 5, 2022
This week, I dusted off my reading list and saw that I’d previously bookmarked an interesting article about the introduction of SMB over QUIC. The article from Microsoft showed that Windows was including support for SMB to be used over the QUIC protocol, which should immediately spark interest for anyone who includes SMB attacks as...

CVE 2022-22965 (Spring4Shell) Vulnerability

April 1, 2022
On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the...

Simplifying Your Operational Threat Hunt Planning

March 30, 2022
Opening Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat...

TrustedSec Okta Breach Recommendations

March 23, 2022
TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management...

CVE-2022-24696 – Glance by Mirametrix Privilege Escalation

March 11, 2022
When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the...

Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene

March 9, 2022
Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of...
  • Browse by Category

  • Clear Form