Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

The Art of Bypassing Kerberoast Detections with Orpheus
Back in May of 2018, I wrote a blog post detailing the steps I took to detect Kerberoast (T1558.003) attacks. This research allowed us to help organizations…

The Benefits of Enabling Timestamps in Your Command-Line History
Setting up and utilizing the command history facility in Linux for forensic purposes can provide valuable insights into command-line activities, helping…

Active Directory for Script Kiddies
Introduction: It seems like all these corporate types are using Active Directory. What is this “Active Directory”? And how can I use it to make my job as a…

Auditing Exchange Online From an Incident Responder's View
Harden your Microsoft 365 environment against Business Email Compromise (BEC) attacks with TrustedSec's baseline recommendations, including audit logging, MFA,…

Windows Processes, Nefarious Anomalies, and You: Threads
In part 1 of this blog mini-series, we looked at memory regions and analyzed them to find some potential malicious behavior. In part 2, we will do the same…

Windows Processes, Nefarious Anomalies, and You: Memory Regions
Memory Scanner identifies RWX and MZ headers in private memory regions, indicating potential malicious activity, providing context for further analysis and…

How to Get the Most Out of Your Pentest
TL;DR: Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report…

A Primer on Cloud Logging for Incident Response
Review Azure, AWS logs to investigate identity-based cloud incidents, including resource and network logs, and enable traditional forensic analysis if needed.

LastPass Security Vulnerability: How Credentials are Accessed in Memory
Customize the text of our system to suit your needs, unlocking full control over the user experience.

The Curious Case of the Password Database
TrustedSec reveals vulnerabilities in ManageEngine's Password Manager Pro, demonstrating how attackers can recover encrypted data, highlighting the importance…

Dameware Mini: The Sleeper Hit of 2019?
Discover how to exploit a 4-year-old vulnerability in SolarWinds Dameware Mini Remote Control, and gain footholds on several gigs, with step-by-step guidance…

Set Up an Android Hacking Lab for $0
A virtual Android device with root access has been set up for testing and analysis, enabling the use of Frida and Objection to identify security…
