Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Malware Series: Process Injection Mapped Sections
This post explains a common malware technique using shared memory sections to inject and execute code in a remote process, demonstrating the process in C and…
Top 10 Blogs of 2024
At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…
On-Demand BOF
Learn from the experts at TrustedSec on-demand, build BOFs with confidence, and gain hands-on experience with two previously unreleased tools, including a…
Discovering a Deserialization Vulnerability in LINQPad
Discovering a Deserialization Vulnerability in LINQPad, written by James Williams, reveals a novel deserialization vulnerability in a.NET application with over…
A 5-Minute Guide to HTTP Response Codes
If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…
Attacking JWT with Self-Signed Claims
Understanding JWS vulnerabilities and how to exploit them is crucial for securing applications and APIs that use JSON Web Tokens (JWTs).
EKUwu: Not just another AD CS ESC
Using default version 1 certificate templates, an attacker can exploit a vulnerability (EKUwu) to generate certificates that bypass security controls,…
Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server
Exploiting Indicators of Compromise: Understanding SYSMON, IIS Logs, and Process Execution for Enhanced Security.
Android Hacking for Beginners
Bypass Android security measures to access sensitive data and transfer funds with this step-by-step guide to exploiting vulnerabilities in the Damn Vulnerable…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Spec-tac-ula Deserialization: Deploying Specula with .NET
This post explains how.NET deserialization can be used to backdoor a workstation with Specula, making it a valuable resource for Red Team operations.
Let’s Clone a Cloner - Part 2: You Have No Power Here
Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic,…
Loading...