THIS POST WAS WRITTEN BY @NYXGEEK When performing brute-force attacks, it’s our first instinct to go to the current season and year, i.e., Winter20, Winter2020. But it’s important to keep in mind that many organizations use a 90-day password change window, and 90 days can be a deceptively long time. For instance, as of today, February…
Read
This post was written by @nyxgeek Microsoft recently fixed a beloved user enumeration vulnerability in Office 365 that I routinely used to gain valid credentials for the last couple of years (https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/). Microsoft still hasn’t changed its official stance on user-enumeration-as-a-bug (they say it’s NOT a problem), and the company opted to fix this latest…
Read
Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…
Read
Not too long ago, I was at a hardware store and I came across some lights that I wanted to play with because I had a feeling they could be fun for Halloween and make for a decent blog post. Before I purchased the lights, I looked at their online manual and checked to see…
Read
In this post, we will cover a privilege escalation that I found in the Intel Trusted Connect Service Client. The Connect Service Client is part of Intel Management Engine Components and is designed to permit a non-privileged user to become system. After communicating with Intel about the vulnerability, it was discovered that this was already…
Read
The Citrix NetScaler remote code execution vulnerability (CVE-2019-19781) has been a pretty popular topic over the last few weeks. Once public exploits of the vulnerability started to appear in the wild, TrustedSec deployed a Citrix NetScaler honeypot. We did not have to wait long for the attacks to begin. Less than 24 hours after deployment,…
Read
With the recent Citrix ADC (NetScaler) CVE-2019-19781 Remote Code Execution vulnerability, the TrustedSec Incident Response team has been working closely with our offensive and research teams as they created a working exploit. This has allowed us to create a list of locations and indicators to search for on potentially compromised Citrix ADC hosts. Based on…
Read
On December 17, 2019, Citrix released a critical advisory that allows for remote code execution. Advisories like these come out often for organizations, and critical exposures are nothing new for any company. However, when digging into the remediation step details, this advisory gave a substantial amount of information on the exploit itself. What makes this…
Read
In this blog post, I will discuss SELinux and Auditd, how to use them, how to determine what the default policies are doing, and how to add new ones. For those who do not know what SELinux is, it stands for Security-Enhanced Linux. More details about SELinux can be found in the resources section at…
Read
There is an old rule that if you find yourself doing anything more than twice, you should automate it. For developers, this may be software builds or the environments into which they will be deployed; for penetration testers, it may be the need to create a phishing host or a lab environment for testing. In…
Read