Recording: The Evolution of Pen Testing

May 31, 2018 | By:

Simulating Real-World Adversaries with Cutting-Edge Research – JOIN TRUSTEDSEC ON June 20th, 2018 AT 1:00 PM EST – Real world attacks don’t always align with previous pen testing techniques – Tools have caught up! The most challenging aspect of security today is understanding the real-world effectiveness of your existing security controls.  With the latest advances in Next Generation (Next…


Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox

May 29, 2018 | By:

This post will be on how to setup and modify Cuckoo to work with a non-supported hypervisor, Proxmox. “Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and easily manages high availability clusters and disaster recovery…


GRC lead Alex Hamerstone explains credit card chip fraud on 5 On Your Side

May 28, 2018 | By:

TrustedSec GRC lead, Alex Hamerstone, spoke with Cleveland’s 5 On Your Side Consumer Alerts about the ways that credit card chip data is being stolen and used.


PCI v3.2.1 is here!

May 18, 2018 | By:

Version 3.2.1 of the PCI DSS was just released by the PCI Security Standards Council (PCI-SSC). As a minor version, it primarily included clarification updates and one correction to a requirement reference. Most of the changes center around the removal of the January 31st date, which expired this year. Appendix A2.1-A2.3 was updated to focus…


Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian

May 18, 2018 | By:

Cuckoo is written in the programming language Python and utilizes multiple Python libraries. First step is to verify that these libraries are in place and up to date. Cuckoo’s Documentation does a good job of listing the commands, but can be confusing. The following will outline the commands needed to install Cuckoo and provide a…


Malware Analysis is for the (Cuckoo) Birds

May 18, 2018 | By:

There are many different options for malware analysis sandboxes. Most involve submitting samples to an online sandbox and getting a report back. While for the most part this is great, the reports contain the basic information on the type of malware and if it has been seen before. BUT what if you want to know…


How to Leverage Threat and Attack Intelligence in your Risk Assessments

May 17, 2018 | By:

Risk assessments methodologies in general are built before much of the information we have today was available.  Thus, we need to take advantage of the latest advances in threat intelligence and attack intelligence to make security risk assessments more valuable and aligned with real-life.  “What the hell do you know about TCAP?” Based on my…


Bridging the Cybersecurity Culture Clash

October 10, 2017 | By:

Why Derbycon is so good for the security community I had a chance to go to Derbycon for the first time this year.  I was amazed at how great it was and a lot of fun of course, but there was more to it than that. I’ve been to many regional conferences, as well as…


Ensuring Risk Assessments have a (Business) Impact

May 15, 2018 | By:

Risk is a term that gets thrown around quite a bit, and like its distant cousin “pentest”, it has a tendency to be used to describe many very different things. There are many “standard” Risk formulas out in the world today that typically include some combination of the terms Asset, Threat and Vulnerability.  Some of…


The Art of Detecting Kerberoast Attacks

May 10, 2018 | By:

As a former defender, there is a sense of “happiness” when I can put defenses in place that allow you to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light and would make a sound if the light beam…