TrevorC2 – Legitimate Covert C2 over Browser Emulation

October 27, 2017 | By:

TrustedSec is proud to announce the release of the TrevorC2 HTTP(s) command and control (C2) open source framework. TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfiltration. There are two components…


After Las Vegas shooting, Nevada officials go after sham websites seeking donations – Fox News, Featuring Alex Hamerstone

October 12, 2017 | By:

The Nevada Attorney General’s office is investigating reports of fake online charities collecting donations on behalf of victims that were killed or wounded at a shooting at a country music festival in Las Vegas Oct. 1. Officials are partnering with GoFundMe and other social media sites to take down these fraudulent pages. There has been…



Anyone who uses Social Security Numbers for security is crazy… – Yahoo Finance, Featuring Alex Hamerstone

October 03, 2017 | By:

The Equifax hack that compromised 143 million Social Security numbers didn’t just destroy the country’s trust in credit bureaus; it also most certainly killed the use of SSNs for security and identity authentication. The nine-digit SSN has been used for this purpose for years. Typically, the last six digits of a SSN are used because…


A Different Take on Exam Prep: CISSP

September 29, 2017 | By:

I just passed the CISSP examination. I saw what many did to prepare for their exam, and I did something else. I needed something faster to arrive at passing results. First off, the CISSP is “Certified Information Systems Security Professional”. It is an advanced credential requiring not just a passing exam score, but also dedicated…


Full Disclosure: JitBit Helpdesk Authentication Bypass 0-Day

September 29, 2017 | By:

Summary An authentication bypass issue was discovered in JitBit Help Desk Software v8.9.11 in October of 2016. This issue was reported to the vendor, and after several communications and numerous updated releases, the software is still vulnerable. JitBit Help Desk Software is a popular ticketing system which boasts some well-known clients. Details It is possible…


DHS vs. Kaspersky Lab: Why the US government is ditching the Russian software giant. – Fox News, Featuring Alex Hamerstone

September 14, 2017 | By:

The Department of Homeland Security’s decision to ban federal agencies and departments from using products from Moscow-based cybersecurity firm Kaspersky Lab comes as no surprise, say security experts.  Officials say that the prominent company poses a threat to U.S. national security and have given government agencies and departments 90 days to get rid of Kaspersky…


Ruby ERB Template Injection

September 13, 2017 | By:

Written by Scott White & Geoff Walton Templates are commonly used both client and server-side for many of today’s web applications.  Many template engines are available in several different programming languages.  Some examples are Smarty, Mako, Jinja2, Jade, Velocity, Freemaker, and Twig.  Template injection is a type of injection attack that can have some particularly…


How to Stop the Next Unstoppable Mega-Breach or Slow it Down – Wired, Featuring Alex Hamerstone

September 12, 2017 | By:

The recent, massive Equifax data breach, which put 143 million US consumers’ personal data at risk—including names, Social Security numbers, birth dates, addresses, and some drivers license and credit card numbers—drove home the dangers facing any organization that stores a valuable trove of data. But awareness alone hasn’t stopped or even slowed the recent slate of mega-breaches,…


Using WinRM Through Meterpreter

September 07, 2017 | By:

Windows Remote Management (WinRM) is Microsoft’s implementation of the WS-Management (WSMan) protocol, which is used for exchanging management data between machines that support it. WSMan, in the case of Windows, supplies this data from WMI and transmits them in the form of SOAP messages. More info here. Why is any of this important to you?…