Achieving Passive User Enumeration with OneDrive

February 18, 2020

This post was written by @nyxgeek Microsoft recently fixed a beloved user enumeration vulnerability in Office 365 that I routinely used to gain valid credentials for the last couple of years (https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/). Microsoft still hasn’t changed its official stance on user-enumeration-as-a-bug (they say it’s NOT a problem), and the company opted to fix this latest…

Read

Why We Are Launching the TrustedSec Sysmon Community Guide

February 6, 2020

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…

Read

SIGINT to Synthesis

January 28, 2020

Not too long ago, I was at a hardware store and I came across some lights that I wanted to play with because I had a feeling they could be fun for Halloween and make for a decent blog post. Before I purchased the lights, I looked at their online manual and checked to see…

Read

Finding a Privilege Escalation in the Intel Trusted Connect Service Client

January 21, 2020

In this post, we will cover a privilege escalation that I found in the Intel Trusted Connect Service Client. The Connect Service Client is part of Intel Management Engine Components and is designed to permit a non-privileged user to become system. After communicating with Intel about the vulnerability, it was discovered that this was already…

Read

NetScaler Honeypot

January 13, 2020

The Citrix NetScaler remote code execution vulnerability (CVE-2019-19781) has been a pretty popular topic over the last few weeks. Once public exploits of the vulnerability started to appear in the wild, TrustedSec deployed a Citrix NetScaler honeypot. We did not have to wait long for the attacks to begin. Less than 24 hours after deployment,…

Read

NetScaler Remote Code Execution Forensics

January 10, 2020

With the recent Citrix ADC (NetScaler) CVE-2019-19781 Remote Code Execution vulnerability, the TrustedSec Incident Response team has been working closely with our offensive and research teams as they created a working exploit. This has allowed us to create a list of locations and indicators to search for on potentially compromised Citrix ADC hosts. Based on…

Read

Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution

January 10, 2020

On December 17, 2019, Citrix released a critical advisory that allows for remote code execution. Advisories like these come out often for organizations, and critical exposures are nothing new for any company. However, when digging into the remediation step details, this advisory gave a substantial amount of information on the exploit itself. What makes this…

Read

Rekt by the REX

January 9, 2020

The request-to-exit (REX) passive infrared (PIR) sensor. You know the one. Spray canned air or smoke in its face, it becomes disoriented and unlocks the door. Spit a mist of alcohol in its face, it gets a buzz and unlocks the door. The butt of many “jokes” for how easily it provides unauthorized entry, but…

Read

SELinux and Auditd

January 7, 2020

In this blog post, I will discuss SELinux and Auditd, how to use them, how to determine what the default policies are doing, and how to add new ones. For those who do not know what SELinux is, it stands for Security-Enhanced Linux. More details about SELinux can be found in the resources section at…

Read

Red Team Engagement Guide: How an Organization Should React

December 5, 2019

A lengthy Red Team engagement is coming. What should the defense do if they catch the offense? Reimage systems? Notify and allow? What is the course of action that allows the engagement to proceed and deliver maximum value to the organization? These can be difficult questions to answer, but ones that companies procuring these tests…

Read
  • Browse by Category

  • Clear Form