Webinar: Facebook’s Data Scandal and GDPR – How IT Impacts You

April 03, 2018

Join TrustedSec on April 18, 2018 at 1:00 PM EST.

The General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679) has many organizations “gnashing their teeth” trying to become compliant. And if you think Facebook’s privacy debacle doesn’t have anything to do with you, think again: Unlike PCI, whose standards affect their own customers and thus…


CORS Findings: Another Way to Comprehend

April 02, 2018 | By: Ryan Leese

When I first started learning about Cross Origin Resource Sharing (CORS) as it applies to web application pentesting, I found it was difficult to gather information needed to fully grasp the security implications of common CORS misconfigurations. (Spoiler: If Burp Suite lights up red like below, things can get pretty ugly!)…


Magic Unicorn v3.0 Released

March 23, 2018

TrustedSec is proud to announce the release of Magic Unicorn v3. This release incorporates one of the largest additions to Unicorn in three years. This version adds several enhancements, including support for Cobalt Strike beacon in the PowerShell evasion framework built into Unicorn. In addition, Unicorn now supports your own shellcode to be inserted into…


GDPR: Chip away at the stone

March 21, 2018

In our work with clients on the General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679), we have generally not seen organizations accomplish full compliance all at once. Instead of a full-on project, the actions we’ve seen have been addressed a little at a time. One client said they were just “chipping away at the stone,”…


Take Your Employees Phishing!

March 05, 2018

Because phishing attacks are becoming more advanced in their exploitation of social engineering techniques, it may be overwhelming to attempt a defense against them. Technical defenses can work hard to shield your employees from being targeted by large phishing expeditions, but user awareness is key in protecting an organization against phishing attacks. Below I will…


Carlos Perez (darkoperator) joins the TrustedSec team!

February 19, 2018

TrustedSec is proud to announce the hiring of Carlos Perez (@Carlos_Perez) to run the Research and Development team. At TrustedSec, we continue to expand our tooling, capabilities, and talent within the organization. With the addition of Carlos, we continue to hire specialized, passionate, and highly skilled people. Carlos has been a friend for…


Hide Yo Servers, Hide Yo Data . . .

February 14, 2018

Companies spend millions of dollars to protect their data in the forms of firewalls, antiviruses, spam filters, web content filters, multi-factor authentication, and so on. But what about physical security? Most companies will have a badge system to grant employees access to the facility. Main entrances will have a receptionist or sometimes a security guard…


How to Choose a PCI QSA

February 12, 2018

As of writing this article, there are currently 378 PCI QSA Companies worldwide that are certified by the PCI Council. That is quite a selection to narrow down. So what qualities do you look for in a good partner? What attributes do you base that choice on? Throughout this blog, we are going…


New PCI Controls and What You Should Know

February 07, 2018

It is finally here: the forward-dated controls that have been in existence since the release of version 3.2 of the PCI Data Security Standard, from April 2016. Hopefully, by now, you have had a chance to review them, but if you haven’t, we are going to take a deep dive on each of the new…


Public Release of Hate_Crack – Automated Hash Cracking Techniques with HashCat

February 01, 2018

Today we are releasing hate_crack to unleash the power of hashcat to the community. Unless you’re deeply into hash cracking, you most likely aren’t aware of the several different attack modes built into hashcat, such as: Mask Attack, Fingerprint Attack, Combinator Attack, and Hybrid Attack. Martin Bos covered several of these attacks in a previous post,…