Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 2
This article explains how to adjust CVSS scores based on an organization's environment, providing a flexible approach to risk assessment and mitigation.
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 1
Vulnerability IdentificationPCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities, and its predecessors in previous…
A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum
This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz.1 IntroductionLast year, Andrew and I posted a four (4) part blog series…
Observations From Business Email Compromise (BEC) Attacks
Since joining TrustedSec, I have gotten to work numerous cases, and each of them is like unraveling a mystery to get at the truth—especially the situations…
From Chaos to Clarity: Organizing Data With Structured Formats
1.1 IntroductionAbout a year ago, we introduced a logging utility into our internal tooling on the Targeted Operations team to standardize how we output…
Securing Sensitive Data: How Ransomware Challenges the Healthcare Industry
The healthcare industry is a prime target for ransomware attacks due to the critical nature of its services and the sensitive data it handles. This blog post…
From Error to Entry: Cracking the Code of Password-Spraying Tools
Discover how to effectively onboard MFA for Office 365 users with MSOLSpray, and unlock remote access with our expert guide.
Failure to Restrict URL Access: It’s Still a Thing
Discover feature flags and modify responses using Burp Suite's Match and Replace rules or Reshaper plugin to enhance your web application testing capabilities.
Introducing PCI's New Self-Assessment Questionnaire
The PCI DSS 4.0 transition deadline is approaching on April 01, 2024, and we have a new type of reduced-scope self-assessment questionnaire (SAQ) to go with…
Unwelcome Guest: Abusing Azure Guest Access to Dump Users, Groups, and more
Enumerate Azure AD users and groups with guest access, exploiting default settings to reveal hidden user lists and group membership.
Behind the Code: Assessing Public Compile-Time Obfuscators for Enhanced OPSEC
LLVM obfuscation passes show minimal impact on native executable detection rates, with some exceptions.
Weaponization of Token Theft – A Red Team Perspective
This blog is the start of several deep dives into the weaponization of token theft. The focus of this blog will be on conditional access around devices and…
Loading...