The Social-Engineer Toolkit (SET) v7.3 “Underground” released.

July 27, 2016 | By:

TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v7.3 codename “Underground”. This version is a complete rewrite of the SMS spoofing module and now uses the awesome folks over at as the main provider. The API fully integrates into theirs and allows you to spoof text messages directly through SET….

The PenTesters Framework (PTF) v1.8 “Tool Depot” Released

July 22, 2016 | By:

TrustedSec is proud to release the PenTesters Framework (PTF) v1.8 codename “Tool Depot” for public release. This version has a number of enhancements including a total of a 140 security testing tools available through the framework. One of the most notable is the recoding of the Metasploit installation from a custom git handler to the…

Happy Birthday TrustedSec!

July 11, 2016 | By:

Today marks the 4-year anniversary of when TrustedSec opened its doors. I work with the best people and friends and that is not an exaggeration. Not many people know the story of how TrustedSec was started. I was sitting in my office at a Fortune 1000 as a CSO running an amazing team and had…

New Release: The Social-Engineer Toolkit (SET) v7.2 “Wine and Gold”

June 28, 2016 | By:

Today we release a new version of the Social-Engineer Toolkit (SET) v7.2 codename: “Wine and Gold”. For non-Cavs or non sports ball fans – apologies but couldn’t resist. This version has a number of enhancements and additions and represents over two months worth of development. Based on the show “Mr. Robot” which we think is…

OBD-II Break-Out Box (DIY Edition)

June 27, 2016 | By:

This blog was written by Jason Ashton, Security Consultant – TrustedSec When assessing a vehicle’s various electronic systems, the primary interface is the On-Board Diagnostics (OBD-II) port. This provides the connection to interface with the vehicle’s CANBus, among others. The CANBus has been utilized in vehicles within the US since the 90s and has been…

Introduction to GPU Password Cracking: Owning the LinkedIn Password Dump

June 17, 2016 | By:

This blog was written by Martin Bos, Senior Principal Security Consultant – TrustedSec Unless you’ve been living under a rock for the past few months you have probably heard about the dump from the 2012 LinkedIn hack being released.  TrustedSec was able to acquire a copy of the list and use it for research purposes. Our…

The Social-Engineer Toolkit (SET) v7.1 “Blue Steel” Released

April 25, 2016 | By:

TrustedSec is proud to announce the release of the Social-Engineer Toolkit (SET) v7.1 “Blue Steel”. This release incorporates a lot of new additions, improvements, and bug fixes. The most exciting feature is a large rewrite of the MSSQL Bruter attack vector. Originally this was written using impacket and the TDS module. This has been re-written…

The Hacker Vaccine – 100% Protection Against Hackers

April 01, 2016 | By:

TrustedSec has been working feverishly to understand what true cyber pathogens face corporations around the world. After years of analyzing major sophisticated hackers and their techniques, we have finally developed artificial intelligence aimed at combating the threats of every type of actor in this world. Today we release a new tool that combats the cyber…

SHIPS version 2 Released! (major release)

March 16, 2016 | By:

The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton from TrustedSec to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts. Our goal is to make post exploitation more difficult and provide a…

WMI Post Exploitation

March 08, 2016 | By:

We’ve talked about using WMI to execute commands remotely, instead of using PSEXEC. We even released a script that will automate obtaining a Meterpreter shell through WMI calls. I’ve recently stumbled upon a script that includes all of these functions an more and it has become my favorite post-exploitation tool. It’s multi-threaded, contains no local…