Credential Re-Use in the Enterprise

July 03, 2018 | By:

Many of our customers follow the best practice of creating separate accounts for day-to-day tasks and administrative ones. In the event of an attack, using separate accounts is often a great way to slow things down and give security teams a little extra time for discovery and identification of an attack. Because many attacks happen…


First Came the GDPR, Now Comes “The California Consumer Privacy Act of 2018”

June 29, 2018 | By:

If you count California residents amongst your customers, or those whose data you have (and given that California is one of the 10 largest economies in the world, there is a good chance that you do), it is likely that The California Consumer Privacy Act of 2018 could significantly change the way that you must…


Another Standard to Keep in Mind

June 28, 2018 | By:

In TrustedSec’s Advisory division, one question we often hear is, “how can we prioritize our information security efforts?” It is not surprising, as there are many things organizations can and often should be doing from an information security perspective, but there are only so many hours in the day, and so many dollars in the…


Enumerating Anti-Sandboxing Techniques

June 19, 2018 | By:

Fighting/writing malware is very much a cat-and-mouse game. One of several techniques used by Anti-Virus/EDR solutions is to detonate payloads in a sandbox and watch what happens. To combat this, malware writers (and pentesters) have been including checks in their payloads to identify when running in a sandbox to evade detection. However, these…


Weaponizing .SettingContent-ms Extensions for Code Execution

June 15, 2018 | By:

Matt Nelson (@enigma0x3) from SpecterOps recently released a blog post on leveraging a newly discovered filetype extension with the possibility of command execution. This was a fantastic blog, and as attackers, we typically try to find multiple ways to execute code from different delivery systems. This blog is leveraging the awesome research from Matt and…


From Scans to Adversary Emulation, Pentesting is Evolving Rapidly

June 14, 2018 | By:

Traditional pentesting is evolving as many companies are rapidly maturing their information security programs. Additionally, improvements in operating system hardening, endpoint protection agents, and security appliances are raising the bar for successful compromise and lateral movement. If you talk with pentesters across the industry, you will hear more and more positive stories about client security…


How to Set Up a Quick, Simple WebDAV Server for Remote File Sharing

June 08, 2018 | By:

Dropping payloads to disk is often risky, not only from an Operations Security (OPSEC) standpoint, but it’s also more likely to trigger AV. To avoid exposing ourselves to these risks, it’s often more desirable to reference a file from a remote location. One method of doing this is to make use of WebDAV, a service…


Optimizing and Customizing Phishing Campaigns using Caddy

June 07, 2018 | By:

Introduction Over the past year, I’ve begun to regularly utilize a number of techniques designed to increase the overall sophistication of my phishing campaigns. What I ended up realizing was that while these techniques did, in fact, increase the volatility of my campaigns, they also added a significant amount of configuration, management, and system administration…


Penetration Testing has gotten tougher – and why that increases your risk

June 04, 2018 | By:

There’s been a radical shift in the assessment industry over the last couple of years. We’ve all probably heard that Artificial Intelligence, Machine Learning, User and Entity Behavioral Analysis, Analytics, Detection and Response tools, etc., are advancing and improving defensive postures. According to Gartner, annual spending on defensive security technology will exceed $82 billion…


Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox

May 29, 2018 | By:

This post will be on how to set up and modify Cuckoo to work with a non-supported hypervisor, Proxmox. “Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and easily manages high availability clusters and disaster recovery…