Research that leads the way
Our forward-thinking research team (AKA the TrustedSec Research Unit) produces practical TTPs to make your program more secure.

Our research ensures that TrustedSec consultants keep up with the ever-evolving cybersecurity landscape.
We develop advanced tooling with features and capabilities not found in the commercial market.
Meet Christopher Paschen, the TrustedSec Research Team Lead.


Our contributions to the community help us create a more secure world.
Because we constantly research and develop new TTPs, our archives are chock-full of ideas.
Abusing Windows Built-in VPN Providers
Some interesting things happen when you connect to a virtual private network (VPN). One that recently caught my interest is updates to the routing table.…
Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer
NTDS.dit is the file housing the data for Windows Active Directory (AD). In this blog post, I’ll be diving into how the file is organized. I’ll also be walking…
Android Hacking for Beginners
Bypass Android security measures to access sensitive data and transfer funds with this step-by-step guide to exploiting vulnerabilities in the Damn Vulnerable…
Introducing The Shelf
The Shelf
Introducing Meta-Detector
In this blog post, I’m going to discuss a new Open-Source Intelligence (OSINT) tool I created to assist with collecting information about target organizations…
XZ Utils Made Me Paranoid
Identify XZ Utils backdoors by parsing ELF binaries, identifying function hooks, and comparing memory sections in real-time, using tools like ptrace and…
The Midnight Alert: Navigating the Dark Web Data Dilemma
In the dead of night, an ominous message hits your inbox: "Your company's sensitive data is for sale on the dark web." As the Chief Information Security…
A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum
This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz. Introduction: Last year, Andrew and I posted a four (4) part blog series…
Behind the Code: Assessing Public Compile-Time Obfuscators for Enhanced OPSEC
LLVM obfuscation passes show minimal impact on native executable detection rates, with some exceptions.
Russia Hacks Microsoft and the Challenges of Securing Cloud
Watch as Carlos Perez and Edwin David discuss the Midnight Blizzard hack of Microsoft and the challenges of securing cloud environments.
Tech Brief - Citrix Bleed Abused by Ransomware Crews
Protect against Citrix Bleed ransomware attacks with our expert guidance on identifying vulnerabilities, developing detections, and improving incident response…
A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
Configuring a SACL to prevent unauthorized changes to Active Directory attributes, enabling auditing and monitoring for potential attacks, and detecting…
Building a toolset
We make custom tools for engagements and open-source tools for you (and the world).
Learning Sysmon YouTube series
Watch the “Learning Sysmon” video series created by Director of Security Intelligence Carlos Perez. More than 20 videos available!
Staying a step ahead
Attackers are always innovating—but so are we. TRU develops custom training and workshops on subjects not easily found elsewhere. We provide expert services and advice on advanced subjects.

