Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Malware Series: Process Injection Mapped Sections
We're back with another post about common malware techniques. This time, we are talking about using shared memory sections to inject and execute code in a…
Top 10 Blogs of 2024
At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…
On-Demand BOF
From the team that brought you COFF Loader, CS-Situational-Awareness-BOF, CS-Remote-OPs-BOF, and numerous blogs on BOFs, we are excited to release our first…
Discovering a Deserialization Vulnerability in LINQPad
Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my…
A 5-Minute Guide to HTTP Response Codes
If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…
Attacking JWT with Self-Signed Claims
JSON Web Tokens (JWTs) are a widely used format for applications and APIs to pass authorization information. These tokens often use a JSON Web Signature (JWS)…
EKUwu: Not just another AD CS ESC
Update November 12, 2024 - This vulnerability has been patched. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019This post was originally…
Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server
In February 2020, Microsoft released a patch for all versions of the Microsoft Exchange server. This patch fixes a Remote Code Execution flaw that allows an…
Android Hacking for Beginners
1.1 Prerequisites Set Up an Android Lab: https://www.trustedsec.com/blog/set-up-an-android-hacking-lab/ Burp Suite: https://portswigger.net/burp DVBA…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Spec-tac-ula Deserialization: Deploying Specula with .NET
Earlier this year, I gave a talk at Steelcon on .NET deserialization and how it can be used for Red Team ops. That talk focused on the theory of .NET…
Let’s Clone a Cloner - Part 2: You Have No Power Here
Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic,…
Loading...