Creating a Malicious Azure AD OAuth2 Application

October 12, 2021

THIS POST WAS WRITTEN BY @NYXGEEK I decided to write this blog because I’ve seen a lot of articles mentioning that attackers will use a malicious OAuth web app with Azure AD, but I hadn’t actually seen much in the way of good examples of doing so. I’m sure I will find a dozen fantastic examples…

Read

Update: The Defensive Security Strategy

September 9, 2021

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Read

Introducing iHide – A New Jailbreak Detection Bypass Tool

September 2, 2021

Today, we are releasing iHide, a new tool for bypassing jailbreak detection in iOS applications. You can install iHide by adding the repo https://repo.kc57.com in Cydia or clicking here on an iOS device with Cydia installed. Additionally, you can check out the code and build/install it yourself if you prefer. Once installed, iHide will add…

Read

Real or Fake? When Your Fraud Notice Looks Like a Phish

June 3, 2021

So I Received a Phishing Email… I recently received an email indicating my credit card number had potentially been stolen and used for fraud. At this point, I am used to both having my credit card number stolen and receiving messages telling me it’s been stolen when it has not. My attempt to determine whether…

Read

Simple Data Exfiltration Through XSS

May 11, 2021

During a recent engagement, I found a cross-site scripting (XSS) vulnerability in a legal document management application and created a quick and dirty document exfiltration payload. Unfortunately, this discovery and coding happened on the final day of the engagement (*cough* reporting bonus hacking day), and I didn’t have a chance to actually put the exfiltrated…

Read

Companies on High Alert for Unemployment Fraud

April 15, 2021

Proactive Measures to Thwart Unemployment Fraud In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult…

Read

4 Free Easy Wins That Make Red Teams Harder

December 10, 2020

In this post, I will cover some easy things that defenders can do to make it harder for attackers to succeed. As you all know, there is never a silver bullet when it comes to security, so these tips will only make it harder for attackers by focusing on the basics, and sometimes, that helps…

Read

Adventures in Phishing Email Analysis

June 18, 2020

Opening Phishing attacks are a daily threat to all organizations and unfortunately, they are one of the hardest threats to protect against. No matter how many defensive layers an organization has put in place following best practice defense-in-depth design, it only takes one (1) user to click on that malicious link or open that weaponized…

Read

A Beginner’s Guide to Staying Safe/Anonymous Online

May 21, 2020

What is OSINT? It is probably safe to assume you have heard of OSINT at some point (Open Source INTelligence). However, if you have not, it can very generally be described as the collection and analysis of data gathered from publicly accessible sources. People who perform OSINT have a wide variety of sources they can…

Read
hacker blog graphic

Next Gen Phishing – Leveraging Azure Information Protection

April 25, 2019

In this blog post, I will go over how to use Azure Information Protection (AIP) to improve phishing campaigns from the perspective of an attacker. The idea came during an engagement where I was having trouble getting phishing emails into users’ inboxes without being caught by a sandbox on the way. During this engagement, it…

Read
  • Browse by Category

  • Clear Form