Research that leads the way
Our forward-thinking research team (AKA the TrustedSec Research Unit) produces practical TTPs to make your program more secure.
Our research ensures that TrustedSec consultants keep up with the ever-evolving cybersecurity landscape.
We develop advanced tooling with features and capabilities not found in the commercial market.
Meet Christopher Paschen, the TrustedSec Research Team Lead.
Our contributions to the community help us create a more secure world.
Because we constantly research and develop new TTPs, our archives are chock-full of ideas.
Android Hacking for Beginners
1.1 Prerequisites Set Up an Android Lab: https://www.trustedsec.com/blog/set-up-an-android-hacking-lab/ Burp Suite: https://portswigger.net/burp DVBA…
Introducing The Shelf
As an independent security consulting firm, we develop many custom capabilities over time. What happens when we decide that a capability no longer suits our…
Introducing Meta-Detector
In this blog post, I’m going to discuss a new Open-Source Intelligence (OSINT) tool I created to assist with collecting information about target organizations…
XZ Utils Made Me Paranoid
On March 28, 2024, the news about the XZ Utils backdoor came out. Since then, I’ve been thinking about how we could identify these backdoors before packages…
The Midnight Alert: Navigating the Dark Web Data Dilemma
In the dead of night, an ominous message hits your inbox: "Your company's sensitive data is for sale on the dark web." As the Chief Information Security…
A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum
This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz.1 IntroductionLast year, Andrew and I posted a four (4) part blog series…
Behind the Code: Assessing Public Compile-Time Obfuscators for Enhanced OPSEC
Recently, I’ve seen an uptick in interest in compile-time obfuscation of native code through the use of LLVM. Many of the base primitives used to perform these…
Russia Hacks Microsoft and the Challenges of Securing Cloud
Watch as Carlos Perez and Edwin David discuss the Midnight Blizzard hack of Microsoft and the challenges of securing cloud environments.
Tech Brief - Citrix Bleed Abused by Ransomware Crews
Welcome to our first brief on current events in the industry that TrustedSec believes our customers should know. Play Citrix Bleed Abused by Ransomware…
A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this third and final…
A Hitch-hacker's Guide to DACL-Based Detections (Part 2)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionThis is a continuation of A…
A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this continuation to our first…
Loading...
Building a toolset
We make custom tools for engagements and open-source tools for you (and the world).
Learning Sysmon YouTube series
Watch the “Learning Sysmon” video series created by Director of Security Intelligence Carlos Perez. More than 20 videos available!
Staying a step ahead
Attackers are always innovating—but so are we. TRU develops custom training and workshops on subjects not easily found elsewhere. We provide expert services and advice on advanced subjects.
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.