Three Most Common Security Flaws (and How to Fix Them)

August 27, 2019 | By:

When it comes to physical security, the most common things we see are hardware vulnerabilities or human error (through social engineering attacks, failure to follow security guidelines, or no knowledge of security protocols). We have successfully broken into everything from locally run neighborhood shops to banks, power plants, hospitals, factories, law firms, and everything in…


Top 10 MITRE ATT&CK™ Techniques

August 22, 2019 | By:

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to…


TrustedSec Podcast Episode 3.18 – Live From Vegas!

August 16, 2019 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, and David Boyd In this episode we share what happened in Vegas! Wait is that allowed? Links from the show: Proxmark3 API Induced SSRF…


Going Purple: Measurably improving your security posture with Purple Team engagements

August 05, 2019 | By:

This webinar was recorded on Wednesday, August 21st Adversaries continue to morph tactics and identify new ways of attacking organizations. Whether emulating a perimeter breach or the more popular phishing attack on the user population, it has never been more important to attack patterns and categorize behavior to defend against them. What’s the process and…


TrustedSec Podcast Episode 3.17 – The End of End to End

August 02, 2019 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Alex Hamerstone Title: Kazakhstan’s HTTPS InterceptionURL: https://censoredplanet.org/kazakhstan Author: Ram Sundara Raman1, Leonid Evdokimov, Eric Wustrow2, Alex Halderman1, Roya Ensafi Title: DMARC’s…


Tracing DNS Queries on Your Windows DNS Server

July 16, 2019 | By:

During a recent engagement, I successfully deployed a wildcard Domain Name System (DNS) record in conjunction with Responder. Within minutes, a misconfigured host made a query for a non-existent DNS record and was poisoned into connecting to our Responder instance. Unfortunately, the account was privileged enough that domain compromise was achieved. The techniques and tools…


Webinar: Network Segmentation for the Rest of Us! How to get your segmentation project moving toward zero trust.

July 16, 2019 | By:

This Webinar was recorded on Wednesday, July 24 at 1:00PM Eastern The idea of segmenting your network is not new. However, even in 2019, we still see companies with flat networks ripe for attack. This provides a much greater opportunity for malicious actions or even accidental incidents to occur. The benefits are clear. Splitting up…


Mobile Hacking: Using Frida to Monitor Encryption

July 09, 2019 | By:

This post will walk you through the creation of a Frida script that will be used to demonstrate the usage of the Frida Python bindings. The Frida script will be used to monitor encryption calls and capture details about the encryption type and keys in use. We will learn how to send messages from Frida…


CEO David Kennedy discusses Draft Security on CNBC’s The Exchange

July 08, 2019 | By:

The hacking advisor for the Cleveland Cavaliers, Dave Kennedy joins The Exchange on how NBA franchises are protecting their game strategy and players’ data.


TrustedSec Podcast Episode 3.16 – Pay the Ransoms

July 05, 2019 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, Alex Hamerstone and David Boyd Title: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the HackersURL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/ Author: Renee Dudley and Jeff…