Big Changes in Store for PCI DSS v4.0, and More!

September 20, 2019 | By:

This week I attended the PCI North American Community Meeting. If you are in the payment security space and haven’t been to a community meeting, I would recommend that you put this on your conference schedule. It’s great to connect with like-minded individuals, including card brands, banks, large customers, vendors, and yes, assessors – both internal (ISAs)…


Cracking the DerbyCon Code

September 18, 2019 | By:

To commemorate the final DerbyCon, TrustedSec did something a little special on our challenge coin. Along the outer edge of the coin was a code, and anyone who could figure it out by DerbyCon’s final day at noon got a prize. I was lucky enough to design the code and was asked by many people…


Attacks on the Rise Through Office 365

September 17, 2019 | By:

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet…


PCI Requirements 101

September 12, 2019 | By:

Having completed several PCI-DSS (Payment Card Industry – Data Security Standard) Reports on Compliance (RoCs) over the past couple of years, I have noticed a consistent pattern on the items needed for the 12 requirements. I have found that there are three basic components to most if not all PCI requirements: Documentation (Policies, Standards, and…


Three Most Common Security Flaws (and How to Fix Them)

August 27, 2019 | By:

When it comes to physical security, the most common things we see are hardware vulnerabilities or human error (through social engineering attacks, failure to follow security guidelines, or no knowledge of security protocols). We have successfully broken into everything from locally run neighborhood shops to banks, power plants, hospitals, factories, law firms, and everything in…


Top 10 MITRE ATT&CK™ Techniques

August 22, 2019 | By:

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to…


Tracing DNS Queries on Your Windows DNS Server

July 16, 2019 | By:

During a recent engagement, I successfully deployed a wildcard Domain Name System (DNS) record in conjunction with Responder. Within minutes, a misconfigured host made a query for a non-existent DNS record and was poisoned into connecting to our Responder instance. Unfortunately, the account was privileged enough that domain compromise was achieved. The techniques and tools…


Mobile Hacking: Using Frida to Monitor Encryption

July 09, 2019 | By:

This post will walk you through the creation of a Frida script that will be used to demonstrate the usage of the Frida Python bindings. The Frida script will be used to monitor encryption calls and capture details about the encryption type and keys in use. We will learn how to send messages from Frida…


Microsoft MVP Awards 2019

July 02, 2019 | By:

Who are MVPs? Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. For more information on this award, visit the Microsoft MVP Overview page. According to Microsoft, MVPs “are always on the ‘bleeding edge’ and have an unstoppable urge to get their hands on new, exciting technologies.”…


On the possibility of obfuscating code using neural networks

June 11, 2019 | By:

In this blog post, I will cover the current state of my research investigating the possibility of using neural networks to hide shellcode. But before we dig in, I will provide a little background information. For those unfamiliar with neural networks, they are a type of computer system design that is inspired by how human…