On the possibility of obfuscating code using neural networks

June 11, 2019 | By:

In this blog post, I will cover the current state of my research investigating the possibility of using neural networks to hide shellcode. But before we dig in, I will provide a little background information. For those unfamiliar with neural networks, they are a type of computer system design that is inspired by how human…


Is Ohio Senate Bill 220 an Example for the Other 49 States?

May 16, 2019 | By:

Passing with 24 yeas and 8 nays, effective as of November 2, 2018, Ohio Senate Bill 220 was touted as a way to use the ‘carrot approach’ for organizations to increase cybersecurity. This incentive was to encourage the shielding of data breach liability for organizations in certain situations. Excerpts from the bill are provided below….


Owning O365 Through Better Brute-Forcing

May 14, 2019 | By:

TL;DR: User Enumeration is key. Done enumerating? Do more. The classic passwords still work. Once you get some credentials, get more. Office 365 (O365) has become a trend in organizations. More and more, administrators are offloading their mail to The Cloud™. No longer are admins shackled to their Exchange servers, executing patch after patch in…


Next Gen Phishing – Leveraging Azure Information Protection

April 25, 2019 | By:

In this blog post, I will go over how to use Azure Information Protection (AIP) to improve phishing campaigns from the perspective of an attacker. The idea came during an engagement where I was having trouble getting phishing emails into users’ inboxes without being caught by a sandbox on the way. During this engagement, it…


Invoice Fraud is Soaring – What you need to know

April 23, 2019 | By:

Organizations are losing thousands—and sometimes millions—of dollars from invoice fraud, which is also known as Business Email Compromise (BEC). At TrustedSec, we have seen a marked uptick in panicked, embarrassed, and/or angry folks reaching out to us for Incident Response and forensics work following a scam. Sometimes, organizations are able to recover some or all…


Indicators of Compromise – Hunting for Meaning (Part 2)

April 11, 2019 | By:

In part one of this blog post series, we briefly looked at why IoC threat data enrichment is important, the value of knowing who your enemy is, and the process of turning threat data into threat intelligence. If you haven’t had a chance to read the first part of this series, take a few minutes…


Indicators of Compromise – Hunting for Meaning (Part 1)

April 09, 2019 | By:

By the time an Incident Response consultant is contacted, the security event in question is already in motion. So, the goals become: rapid triage, assist in identifying the related threat risks, and make every effort to identify the threat actors involved. Attribution is very difficult when dealing with seasoned and well-funded threat actors, but it…


Six Crucial Network Segmentation Actions

March 26, 2019 | By:

We are constantly barraged with new technologies and techniques for securing the enterprise. Every new thing we are told is crucially important, and if you don’t master all of it now, you are the next breach headline. It is intimidating to say the least. It is easy to look past the basics of securing the…


Five Thoughts on Securing Multi-Cloud Environments

March 19, 2019 | By:

As its name suggests, a multi-cloud environment is a network that utilizes the services of more than one cloud provider. There are many different ways that multi-cloud infrastructures can be designed and a primary topic of discussion is how to properly secure these environments.  No single cloud service provider has the best environment for every…


Top Six Security and Risk Management Questions

March 12, 2019 | By:

Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions…