Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Getting Started Using LLMs in Application Testing With an MVP
Are you interested in incorporating Large Language Models (LLMs) into app tests yet lack the tooling to get you there? This blog walks through how to start…
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops
1.1 IntroductionIn this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework…
Operating Inside the Interpreted: Offensive Python
Discover how to use Python for malicious purposes on Windows, leveraging its ease of installation and existing tradecraft to evade detection and deploy malware…
Command Line Underdog: WMIC in Action
My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…
Solving NIST Password Complexities: Guidance From a GRC Perspective
Understand NIST's Digital Identity Guidelines for secure password implementation and access control, ensuring risk-based authentication and minimizing breaches…
Malware Series: Process Injection Mapped Sections
This post explains a common malware technique using shared memory sections to inject and execute code in a remote process, demonstrating the process in C and…
Top 10 Blogs of 2024
At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…
On-Demand BOF
Learn from the experts at TrustedSec on-demand, build BOFs with confidence, and gain hands-on experience with two previously unreleased tools, including a…
Discovering a Deserialization Vulnerability in LINQPad
Discovering a Deserialization Vulnerability in LINQPad, written by James Williams, reveals a novel deserialization vulnerability in a.NET application with over…
A 5-Minute Guide to HTTP Response Codes
If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…
Attacking JWT with Self-Signed Claims
Understanding JWS vulnerabilities and how to exploit them is crucial for securing applications and APIs that use JSON Web Tokens (JWTs).
EKUwu: Not just another AD CS ESC
Using default version 1 certificate templates, an attacker can exploit a vulnerability (EKUwu) to generate certificates that bypass security controls,…
Getting Started Using LLMs in Application Testing With an MVP
Are you interested in incorporating Large Language Models (LLMs) into app tests yet lack the tooling to get you there? This blog walks through how to start…
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops
1.1 IntroductionIn this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework…
Operating Inside the Interpreted: Offensive Python
Discover how to use Python for malicious purposes on Windows, leveraging its ease of installation and existing tradecraft to evade detection and deploy malware…
Command Line Underdog: WMIC in Action
My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…
Solving NIST Password Complexities: Guidance From a GRC Perspective
Understand NIST's Digital Identity Guidelines for secure password implementation and access control, ensuring risk-based authentication and minimizing breaches…
Malware Series: Process Injection Mapped Sections
This post explains a common malware technique using shared memory sections to inject and execute code in a remote process, demonstrating the process in C and…
Top 10 Blogs of 2024
At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…
On-Demand BOF
Learn from the experts at TrustedSec on-demand, build BOFs with confidence, and gain hands-on experience with two previously unreleased tools, including a…
Discovering a Deserialization Vulnerability in LINQPad
Discovering a Deserialization Vulnerability in LINQPad, written by James Williams, reveals a novel deserialization vulnerability in a.NET application with over…
A 5-Minute Guide to HTTP Response Codes
If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…
Attacking JWT with Self-Signed Claims
Understanding JWS vulnerabilities and how to exploit them is crucial for securing applications and APIs that use JSON Web Tokens (JWTs).
EKUwu: Not just another AD CS ESC
Using default version 1 certificate templates, an attacker can exploit a vulnerability (EKUwu) to generate certificates that bypass security controls,…