Control Tower Pivoting Using the Default Role

June 15, 2023

Introduction The cloud security landscape for AWS has continued to evolve each year to become a complex set of products and best practices with the goal of maintaining a mature security posture. AWS Organizations was released in 2017[1] and has been a major solution to aid in managing the multi-account AWS environment that the cloud…

Read

Better Hacking Through Cracking: Know Your Rules

April 21, 2023

THIS POST WAS WRITTEN BY @NYXGEEK Intro Password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination. via GIPHY So where are these rules anyways?…

Read
Azure AD Kerberos on the TrustedSec Security Blog

Azure AD Kerberos Tickets: Pivoting to the Cloud

February 9, 2023

If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any…

Read

Common Conditional Access Misconfigurations and Bypasses in Azure

October 4, 2022

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses….

Read
Five Thoughts on Securing Multi-Cloud Environments graphic

Five Thoughts on Securing Multi-Cloud Environments

March 19, 2019

As its name suggests, a multi-cloud environment is a network that utilizes the services of more than one cloud provider. There are many different ways that multi-cloud infrastructures can be designed and a primary topic of discussion is how to properly secure these environments.  No single cloud service provider has the best environment for every…

Read
  • Browse by Category

  • Clear Form