Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Trimarc Joins TrustedSec: Strengthening Our Commitment to Security
Play We’re excited to share some big news: Trimarc Security is now fully operating under TrustedSec! This marks a significant step forward in our mission to…
Are Attackers "Passing Through" Your Azure App Proxy?
TL;DR - Azure app proxy pre-authentication set to Passthrough may unintentionally expose private network resources.Microsoft’s Azure app proxy allows for…
Abusing Windows Built-in VPN Providers
Some interesting things happen when you connect to a virtual private network (VPN). One that recently caught my interest is updates to the routing table.…
Measuring the Success of Your Adversary Simulations
Adversary Simulations (“AdSim” or “Red Teams”) represent a serious commitment on the part of an organization. In the United States, AdSim engagements are…
The Hidden Trap in the PCI DSS SAQ A Changes
Implementing requirements 6.4.3 and 11.6.1, or using a WAF to protect against script-based attacks, to meet PCI SSC's new eligibility criterion for SAQ A…
A Threat Hunter’s Guide to Decoding the Cloud
This blog will guide you through how to be a successful threat hunter in cloud environments, along with some helpful tips and advice.
Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer
NTDS.dit is the file housing the data for Windows Active Directory (AD). In this blog post, I’ll be diving into how the file is organized. I’ll also be walking…
Getting Started Using LLMs in Application Testing With an MVP
Are you interested in incorporating Large Language Models (LLMs) into app tests yet lack the tooling to get you there? This blog walks through how to start…
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops
1.1 IntroductionIn this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework…
Operating Inside the Interpreted: Offensive Python
Discover how to use Python for malicious purposes on Windows, leveraging its ease of installation and existing tradecraft to evade detection and deploy malware…
Command Line Underdog: WMIC in Action
My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…
Solving NIST Password Complexities: Guidance From a GRC Perspective
Understand NIST's Digital Identity Guidelines for secure password implementation and access control, ensuring risk-based authentication and minimizing breaches…
Trimarc Joins TrustedSec: Strengthening Our Commitment to Security
Play We’re excited to share some big news: Trimarc Security is now fully operating under TrustedSec! This marks a significant step forward in our mission to…
Are Attackers "Passing Through" Your Azure App Proxy?
TL;DR - Azure app proxy pre-authentication set to Passthrough may unintentionally expose private network resources.Microsoft’s Azure app proxy allows for…
Abusing Windows Built-in VPN Providers
Some interesting things happen when you connect to a virtual private network (VPN). One that recently caught my interest is updates to the routing table.…
Measuring the Success of Your Adversary Simulations
Adversary Simulations (“AdSim” or “Red Teams”) represent a serious commitment on the part of an organization. In the United States, AdSim engagements are…
The Hidden Trap in the PCI DSS SAQ A Changes
Implementing requirements 6.4.3 and 11.6.1, or using a WAF to protect against script-based attacks, to meet PCI SSC's new eligibility criterion for SAQ A…
A Threat Hunter’s Guide to Decoding the Cloud
This blog will guide you through how to be a successful threat hunter in cloud environments, along with some helpful tips and advice.
Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer
NTDS.dit is the file housing the data for Windows Active Directory (AD). In this blog post, I’ll be diving into how the file is organized. I’ll also be walking…
Getting Started Using LLMs in Application Testing With an MVP
Are you interested in incorporating Large Language Models (LLMs) into app tests yet lack the tooling to get you there? This blog walks through how to start…
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops
1.1 IntroductionIn this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework…
Operating Inside the Interpreted: Offensive Python
Discover how to use Python for malicious purposes on Windows, leveraging its ease of installation and existing tradecraft to evade detection and deploy malware…
Command Line Underdog: WMIC in Action
My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…
Solving NIST Password Complexities: Guidance From a GRC Perspective
Understand NIST's Digital Identity Guidelines for secure password implementation and access control, ensuring risk-based authentication and minimizing breaches…