Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Abusing Windows Built-in VPN Providers
Some interesting things happen when you connect to a virtual private network (VPN). One that recently caught my interest is updates to the routing table.…
Measuring the Success of Your Adversary Simulations
Adversary Simulations (“AdSim” or “Red Teams”) represent a serious commitment on the part of an organization. In the United States, AdSim engagements are…
The Hidden Trap in the PCI DSS SAQ A Changes
The Payment Card Industry Security Standards Council (PCI SSC) just announced a change to Self Assessment Questionnaire A (SAQ A). The change eliminates two…
A Threat Hunter’s Guide to Decoding the Cloud
This blog will guide you through how to be a successful threat hunter in cloud environments, along with some helpful tips and advice.
Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer
NTDS.dit is the file housing the data for Windows Active Directory (AD). In this blog post, I’ll be diving into how the file is organized. I’ll also be walking…
Getting Started Using LLMs in Application Testing With an MVP
Are you interested in incorporating Large Language Models (LLMs) into app tests yet lack the tooling to get you there? This blog walks through how to start…
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops
1.1 IntroductionIn this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework…
Operating Inside the Interpreted: Offensive Python
IntroductionEvery once in a while, I get the urge to go back and revisit older techniques that used to be popular but have fallen out of favor with the…
Command Line Underdog: WMIC in Action
My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…
Solving NIST Password Complexities: Guidance From a GRC Perspective
Not another password change! Isn’t one (1) extra-long password enough? As a former Incident Response, Identity and Access Control, and Education and Awareness…
Malware Series: Process Injection Mapped Sections
We're back with another post about common malware techniques. This time, we are talking about using shared memory sections to inject and execute code in a…
Top 10 Blogs of 2024
At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…
Abusing Windows Built-in VPN Providers
Some interesting things happen when you connect to a virtual private network (VPN). One that recently caught my interest is updates to the routing table.…
Measuring the Success of Your Adversary Simulations
Adversary Simulations (“AdSim” or “Red Teams”) represent a serious commitment on the part of an organization. In the United States, AdSim engagements are…
The Hidden Trap in the PCI DSS SAQ A Changes
The Payment Card Industry Security Standards Council (PCI SSC) just announced a change to Self Assessment Questionnaire A (SAQ A). The change eliminates two…
A Threat Hunter’s Guide to Decoding the Cloud
This blog will guide you through how to be a successful threat hunter in cloud environments, along with some helpful tips and advice.
Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer
NTDS.dit is the file housing the data for Windows Active Directory (AD). In this blog post, I’ll be diving into how the file is organized. I’ll also be walking…
Getting Started Using LLMs in Application Testing With an MVP
Are you interested in incorporating Large Language Models (LLMs) into app tests yet lack the tooling to get you there? This blog walks through how to start…
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops
1.1 IntroductionIn this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework…
Operating Inside the Interpreted: Offensive Python
IntroductionEvery once in a while, I get the urge to go back and revisit older techniques that used to be popular but have fallen out of favor with the…
Command Line Underdog: WMIC in Action
My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…
Solving NIST Password Complexities: Guidance From a GRC Perspective
Not another password change! Isn’t one (1) extra-long password enough? As a former Incident Response, Identity and Access Control, and Education and Awareness…
Malware Series: Process Injection Mapped Sections
We're back with another post about common malware techniques. This time, we are talking about using shared memory sections to inject and execute code in a…
Top 10 Blogs of 2024
At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…