Bridging the Cybersecurity Culture Clash

October 10, 2017 | By:

Why Derbycon is so good for the security community I had a chance to go to Derbycon for the first time this year.  I was amazed at how great it was and a lot of fun of course, but there was more to it than that. I’ve been to many regional conferences, as well as…

Ensuring Risk Assessments have a (Business) Impact

May 15, 2018 | By:

Risk is a term that gets thrown around quite a bit, and like its distant cousin “pentest”, it has a tendency to be used to describe many very different things. There are many “standard” Risk formulas out in the world today that typically include some combination of the terms Asset, Threat and Vulnerability.  Some of…

The Art of Detecting Kerberoast Attacks

May 10, 2018 | By:

As a former defender, there is a sense of “happiness” when I can put defenses in place that allow you to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light and would make a sound if the light beam…

Building Upon Core Security & Risk Definitions

May 07, 2018 | By:

Security is evolving. That’s not news, but as it is happening not everyone can keep up with what that means.  This is especially true for those who have embraced maturing their risk and security programs, while still getting traditional assessments which have become commoditized and oftentimes not as valuable as they used to be.    These…

Malware: Linux, Mac, Windows, Oh My!

April 26, 2018 | By:

While going through APT write-ups, I’ve been noticing a lot of focus on detecting Windows malware, so we will skip over that. One thing that I haven’t seen much of online, though, is how to hunt for adversaries on Linux systems. For that reason, this blog post will be all about how you can look…

It Was the “Summerof2018” – Password Auditing for Windows Administrators

April 19, 2018 | By:

by Costa Petros IT departments around the globe spend countless hours and money ensuring that their company’s data and infrastructure are properly secured. Startup company? Install a firewall and maybe get an antivirus subscription. Past the startup phase? Upgrade your firewall to have an Intrusion Prevention Sensor (IPS) and/or maybe an Intrusion Detection Sensor (IDS)….

GDPR (General Data Protection Regulation) – FAQ

April 18, 2018 | By:

by Jonathan White   My goodness! D-Day, May 25 is right around the corner! GDPR is thought by many to be the regulation of regulations approved in 2016 and scheduled to be enforced by May 25, 2018.  Many customers are still asking, What is GDPR? At a very basic level, GDPR is the General Data…

Recording: Facebook’s Data Scandal and GDPR – How IT Impacts You

April 03, 2018 | By:

JOIN TRUSTEDSEC ON APRIL 18, 2018 AT 1:00 PM EST The General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679) has many organizations “gnashing their teeth” trying to become compliant. And if you think this Facebook’s privacy debacle doesn’t have anything to do you, think again: Unlike PCI, whose standards affect their own customers and thus…

CORS Findings: Another Way to Comprehend

April 02, 2018 | By:

by Ryan Leese   When I first started learning about Cross Origin Resource Sharing (CORS) as it applies to web application pentesting, I found it was difficult to gather information needed to fully grasp the security implications of common CORS misconfigurations. (Spoiler: If Burp Suite lights up red like below, things can get pretty ugly!)…

Magic Unicorn v3.0 Released

March 23, 2018 | By:

TrustedSec is proud to announce the release of Magic Unicorn v3. This release incorporates one of the largest additions to Unicorn in three years. This version adds several enhancements including support for Cobalt Strike beacon into the PowerShell evasion framework built into Unicorn. In addition, Unicorn now supports your own shellcode to be inserted into…