Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Android Hacking for Beginners
1.1 Prerequisites Set Up an Android Lab: https://www.trustedsec.com/blog/set-up-an-android-hacking-lab/ Burp Suite: https://portswigger.net/burp DVBA…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Spec-tac-ula Deserialization: Deploying Specula with .NET
Earlier this year, I gave a talk at Steelcon on .NET deserialization and how it can be used for Red Team ops. That talk focused on the theory of .NET…
Let’s Clone a Cloner - Part 2: You Have No Power Here
Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic,…
EKUwu: Not just another AD CS ESC
TL;DR - Using built-in default version 1 certificate templates, an attacker can craft a CSR to include application policies that are preferred over the…
Kicking it Old-School with Time-Based Enumeration in Azure
IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can…
Missing: Data Classification, Part 2 - Looking at System Classification
Recap of Part 1This is the second of a two-part series on Data Classification. The first part spoke to the fact that most security programs grow…
Pull Your SOCs Up
"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts."-Sir Arthur…
Console Cowboys: Navigating the Modern Terminal Frontier
In our little niche corner of technology, it’s hard not to get excited about all the new command line interface (CLI) tools popping up all the time. I decided…
How to Get the Most Out of a Pentest
TL;DRDefine the goal of an assessment.Take time to choose the right assessment type.The more detail you give about an asset, the better quality your report…
Putting Our Hooks Into Windows
We're back with another post about common malware techniques. This time we are talking about setting Windows hooks. This is a simple technique that can be used…
When on Workstation, Do as the Local Browsers Do!
1 IntroductionWeb browsers are common targets for many different APTs. Tools like Redline Malware or penetration testing tools such as SharpChrome or…
Loading...