Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Injecting Rogue DNS Records Using DHCP
Understanding DHCP to Inject Rogue DNS Records via Spoofed MAC Addresses.
Tailoring Cobalt Strike on Target
Patching Cobalt Strike's beacon payload on target to ensure successful C2 execution, including customizing user-agent and C2 server options for optimized…
What Spring Data can teach us about API misconfiguration
Unauthenticated users can access sensitive user data through a critical misconfiguration bug in Spring Data's ALPS, allowing unsecured API requests.
How I Retained My QSA Certification
To maintain Payment Card Industry (PCI) Security Standards Council (SSC) compliance, I've retained my QSA certification with relevant industry certifications…
Get to Hacking MASSively Faster - The Release of SpooNMAP
Discover the power of SpooNMAP, a custom wrapper script combining Masscan and NMAP for fast, effective penetration testing, with Larry Spohn's expert guidance.
RisingSun: Decoding SUNBURST C2 to Identify Infected Hosts Without Network Telemetry
TrustedSec's RisingSun tool helps SolarWinds Orion customers identify if their servers generated SUNBURST C2 domains by analyzing host information and…
SolarWinds Backdoor (Sunburst) Incident Response Playbook
Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka…
SolarWinds Orion and UNC2452 - Summary and Recommendations
In the wake of recent revelations regarding a supply chain compromise of the SolarWinds Orion platform by a nation-state actor, and subsequent targeting of…
4 Free Easy Wins That Make Red Teams Harder
Boost Windows security with easy wins: disable macros, extensions, local admin access, and protect LSASS, making it harder for attackers to succeed.
An Update On Non-Aggressive Reporting
Expertly balancing professionalism and facts, non-aggressive reporting by Kelsey Segrue helps clients understand and respond to security testing findings.
Nine Things to Know About the CMMC
TrustedSec provides expert guidance on the Cybersecurity Maturity Model Certification (CMMC) to help defense contractors and subcontractors achieve compliance…
Fear, Cybersecurity, and Right to Repair
Security researchers can identify and fix vulnerabilities, reducing cyber threats, by gaining access to vehicle data through Right to Repair legislation.
Loading...