Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s), and uses this…
Read
TL;DR Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report will be. Select the right environment for the assessment. Consider the timing for performing the assessment. Communicate internally and make sure everyone is up to speed. Do…
Read
For many of us, working from home is here to stay, but it does come with its own challenges. This article contains some of the best tips and tricks from TrustedSec consultants on how to stay focused at home. Set an alarm to start and stop working Alarms can be set in shorter intervals, to…
Read
Hidden cameras, spy cameras, nanny cams—whatever you call them, you are under surveillance much more than you may realize. While outdoor perimeter cameras and doorbell cameras are commonplace and have been used for quite some time to monitor property, other nefarious hidden cameras are popping up all over the place. Generally, any camera placed inside…
Read
Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…
Read
To commemorate the final DerbyCon, TrustedSec did something a little special on our challenge coin. Along the outer edge of the coin was a code, and anyone who could figure it out by DerbyCon’s final day at noon got a prize. I was lucky enough to design the code and was asked by many people…
ReadTrustedSec gathered the following statistics based upon the 2015 DerbyCon CTF from Sept 25-27. The statistics reveal some interesting points. For instance the fact that approximately 74% of the teams or accounts that were registered found at least one valid flag. Some of the other statistics are provided below. Teams/Accounts Registered: 154 (114 or ~74%…
ReadWe’re happy to announce the completion of another successful DerbyCon CTF. Congratulations to the prizewinners and all others who participated. Hopefully you had as much fun playing as we did creating the challenges. If you participated the past couple of years as well, you should have noticed some welcome improvements to the scoreboard that were…
ReadThe DerbyCon CTF was a huge hit for this year’s 3.0 con. Below is a screen shot of the winners from the CTF. For the html version of the CTF, visit this link here: Link to the CTF
Read