TrevorC2 – Legitimate Covert C2 over Browser Emulation

October 27, 2017 | By:

TrustedSec is proud to announce the release of the TrevorC2 HTTP(s) command and control (C2) open source framework. TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfiltration. There are two components…


A Different Take on Exam Prep: CISSP

September 29, 2017 | By:

I just passed the CISSP examination. I saw what many did to prepare for their exam, and I did something else. I needed something faster to arrive at passing results. First off, the CISSP is “Certified Information Systems Security Professional”. It is an advanced credential requiring not just a passing exam score, but also dedicated…


Full Disclosure: JitBit Helpdesk Authentication Bypass 0-Day

September 29, 2017 | By:

Summary An authentication bypass issue was discovered in JitBit Help Desk Software v8.9.11 in October of 2016. This issue was reported to the vendor, and after several communications and numerous updated releases, the software is still vulnerable. JitBit Help Desk Software is a popular ticketing system which boasts some well-known clients. Details It is possible…


Ruby ERB Template Injection

September 13, 2017 | By:

Written by Scott White & Geoff Walton Templates are commonly used both client and server-side for many of today’s web applications.  Many template engines are available in several different programming languages.  Some examples are Smarty, Mako, Jinja2, Jade, Velocity, Freemaker, and Twig.  Template injection is a type of injection attack that can have some particularly…


Using WinRM Through Meterpreter

September 07, 2017 | By:

Windows Remote Management (WinRM) is Microsoft’s implementation of the WS-Management (WSMan) protocol, which is used for exchanging management data between machines that support it. WSMan, in the case of Windows, supplies this data from WMI and transmits them in the form of SOAP messages. More info here. Why is any of this important to you?…


GDPR // Five Important Considerations

August 21, 2017 | By:

The EU General Data Protection Regulation (GDPR) is a regulation that was approved in 2016 and scheduled to be enforced by May 25, 2018. Many customers ask, what is GDPR? It was developed to strengthen the rights of individuals in the European Union (EU). The regulation was implemented to control EU citizens’ personal data and…


Attacking Self-Hosted Skype for Business/Microsoft Lync Installations

August 11, 2017 | By:

TL;DR: How to attack self-hosted Skype for Business (Lync) servers. If you’re using O365 wait for the next post. Note: For the sake of brevity throughout this post, Skype for Business and Microsoft Lync will both be referred to under the umbrella designation of ‘Skype4B’. When companies choose to host Skype for Business (previously Microsoft…


TrustedSec Expands with Four New Additions

August 08, 2017 | By:

TrustedSec continues to grow based on reputation, brand, and most importantly the services we provide to our customers. We have added four amazing new members for both the Force team (our technical crew) and the Advisory Services (PCI, Office of CISO, and Risk Assessment) group. New additions to the team (alphabetical order): Jason Lang (@curi0usJack),…


PCI Inventory List of Assets

August 08, 2017 | By:

The Payment Card Industry Data Security Standard (PCI DSS) requires that an inventory of system components (PCI Req. 2.4: Complete Inventory List) is maintained. This requirement was a requirement as of PCI DSS 3.0. Good governance would suggest that maintaining these documents are part of the process of onboarding and offboarding applications, systems, etc. Maintaining…


New Tool Release: NPS_Payload

July 23, 2017 | By:

Over the past year, we have seen a lot of research come out which highlights several of Microsoft’s native binaries which can be leveraged by an attacker to compromise or gain access to a system. One of these binaries, msbuild.exe, has proven very reliable in allowing us to gain a shell on a host in…