Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 3
Related RequirementsThis is part three (3) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of…
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 2
Risk RankingThis is part two (2) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities.…
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 1
Vulnerability IdentificationPCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities, and its predecessors in previous…
A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum
This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz.1 IntroductionLast year, Andrew and I posted a four (4) part blog series…
Observations From Business Email Compromise (BEC) Attacks
Since joining TrustedSec, I have gotten to work numerous cases, and each of them is like unraveling a mystery to get at the truth—especially the situations…
From Chaos to Clarity: Organizing Data With Structured Formats
1.1 IntroductionAbout a year ago, we introduced a logging utility into our internal tooling on the Targeted Operations team to standardize how we output…
Securing Sensitive Data: How Ransomware Challenges the Healthcare Industry
The healthcare industry is a prime target for ransomware attacks due to the critical nature of its services and the sensitive data it handles. This blog post…
From Error to Entry: Cracking the Code of Password-Spraying Tools
IntroductionFirst things first, all of the tools in this blog post are really great tools and I have used most of them. (Thanks to the authors of the tools to…
Failure to Restrict URL Access: It’s Still a Thing
Here are some brief thoughts about an old issue. If you are a full-time application security professional, stop reading. You know all about this, you know…
Introducing PCI's New Self-Assessment Questionnaire
The PCI DSS 4.0 transition deadline is approaching on April 01, 2024, and we have a new type of reduced-scope self-assessment questionnaire (SAQ) to go with…
Unwelcome Guest: Abusing Azure Guest Access to Dump Users, Groups, and more
Abusing Guest Access: Dumping User Lists and Group Membership with Guest Access in Azure ADThis post will walk through a user, group, and application…
Behind the Code: Assessing Public Compile-Time Obfuscators for Enhanced OPSEC
Recently, I’ve seen an uptick in interest in compile-time obfuscation of native code through the use of LLVM. Many of the base primitives used to perform these…
Loading...