Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Everything You Need to Know About jQuery and its Vulnerabilities
Introduction: JavaScript is used in some way on almost all modern web applications. There are several popular libraries that websites utilize, and each comes with…

Introducing The Shelf
The Shelf

Missing: Data Classification
Picked Last Again: Data Classification is generally missing from many Information Security programs, unfortunately. The growth and maturity of most security…

Assumed Breach: The Evolution of Offensive Security Testing
Assumed Breach assessments simulate a compromised internal network, helping organizations strengthen security posture by identifying vulnerabilities and…

JS-Tap Mark II: Now with C2 Shenanigans
JS-Tap 2.0 offers a custom payload C2 system, allowing users to execute custom JavaScript payloads on clients, with features like autorun, repeat payload, and…

Introducing Meta-Detector
In this blog post, I’m going to discuss a new Open-Source Intelligence (OSINT) tool I created to assist with collecting information about target organizations…

Most Reported Web Findings of 2023
I reviewed the findings from the application and API assessments that the TrustedSec Software Security Team conducted during 2023 to see what issues we were…

XZ Utils Made Me Paranoid
Identify XZ Utils backdoors by parsing ELF binaries, identifying function hooks, and comparing memory sections in real-time, using tools like ptrace and…

The Midnight Alert: Navigating the Dark Web Data Dilemma
In the dead of night, an ominous message hits your inbox: "Your company's sensitive data is for sale on the dark web." As the Chief Information Security…

Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
This vulnerability in Microsoft Graph allowed attackers to perform password-spray attacks undetected, potentially compromising any organization in Azure.

Loading DLLs Reflections
We're back with another post about common malware techniques. This time we're not talking about process hollowing. We are going to branch off and talk about…

PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 3
Related Requirements: This is part three (3) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of…