Skip to Main Content

The Security Blog

Get up-to-date security insights, tips, and tricks from our amazing team sent to your inbox.

Browse our blogs

We cover it all in The Security Blog. Discover what you’ve been looking for.

Topics
Author
Blog February 20 2025

Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer

NTDS.dit is the file housing the data for Windows Active Directory (AD). In this blog post, I’ll be diving into how the file is organized. I’ll also be walking…

Read about this article
Blog February 18 2025

Getting Started Using LLMs in Application Testing With an MVP

Are you interested in incorporating Large Language Models (LLMs) into app tests yet lack the tooling to get you there? This blog walks through how to start…

Read about this article
Blog February 11 2025

From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops

1.1      IntroductionIn this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework…

Read about this article
Blog February 06 2025

The Hidden Trap in the PCI DSS SAQ A Changes

The Payment Card Industry Security Standards Council (PCI SSC) just announced a change to Self Assessment Questionnaire A (SAQ A). The change eliminates two…

Read about this article
Blog January 23 2025

Operating Inside the Interpreted: Offensive Python

IntroductionEvery once in a while, I get the urge to go back and revisit older techniques that used to be popular but have fallen out of favor with the…

Read about this article
Blog January 14 2025

Command Line Underdog: WMIC in Action

My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…

Read about this article
Blog January 07 2025

Solving NIST Password Complexities: Guidance From a GRC Perspective

Not another password change! Isn’t one (1) extra-long password enough? As a former Incident Response, Identity and Access Control, and Education and Awareness…

Read about this article
Blog December 19 2024

Malware Series: Process Injection Mapped Sections

We're back with another post about common malware techniques. This time, we are talking about using shared memory sections to inject and execute code in a…

Read about this article
Blog December 17 2024

Top 10 Blogs of 2024

At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…

Read about this article
Blog December 05 2024

On-Demand BOF

From the team that brought you COFF Loader, CS-Situational-Awareness-BOF, CS-Remote-OPs-BOF, and numerous blogs on BOFs, we are excited to release our first…

Read about this article
Blog December 03 2024

Discovering a Deserialization Vulnerability in LINQPad

Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my…

Read about this article
Blog November 21 2024

A 5-Minute Guide to HTTP Response Codes

If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…

Read about this article