Research that leads the way
Our forward-thinking research team (AKA the TrustedSec Research Unit) produces practical TTPs to make your program more secure.

Our research ensures that TrustedSec consultants keep up with the ever-evolving cybersecurity landscape.
We develop advanced tooling with features and capabilities not found in the commercial market.
Meet Christopher Paschen, the TrustedSec Research Team Lead.


Our contributions to the community help us create a more secure world.
Because we constantly research and develop new TTPs, our archives are chock-full of ideas.
WMI for Script Kiddies
Use WMI to easily access and manage system data, with tools like Wmic.exe, WBEM tester tool, CIM Studio, WinRM tool, and PowerShell, allowing for remote and…
Supply Chain Woes – Attacks and Issues in IT Infrastructure: What Can We Do?
Understanding supply chain security is crucial for businesses to protect their infrastructure and mitigate risks, ensuring long-term success and safeguarding…
Obsidian, Taming a Collective Consciousness
Sam Link explores the benefits of Obsidian for team knowledge management, including Markdown, plaintext backend, Git integration, reduced overhead, and a…
COFFLoader: Building your own in memory loader or how to run BOFs
Create a generic in-memory loader for various executable file formats, including COFF, ELF, Mach-O, and PE, with built-in beacon compatibility.
Front, Validate, and Redirect
Use AzureC2Relay to securely relay Cobalt Strike beacon traffic to a team server within a virtual network, exposing only Secure Shell (SSH).
Group Policy for Script Kiddies
Learn how Group Policy can be both a powerful tool for sysadmins and a source of information for attackers, with techniques to exploit vulnerabilities and gain…
Injecting Rogue DNS Records Using DHCP
Understanding DHCP to Inject Rogue DNS Records via Spoofed MAC Addresses.
Tailoring Cobalt Strike on Target
Patching Cobalt Strike's beacon payload on target to ensure successful C2 execution, including customizing user-agent and C2 server options for optimized…
SolarWinds Backdoor (Sunburst) Incident Response Playbook
Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka…
Setting the ‘Referer’ Header Using JavaScript
Control the Referer header in JavaScript using a simple trick to bypass security controls and create malicious requests.
CVE-2020-2021: PAN-OS SAML Security Bypass
Upgrade Palo Alto PAN-OS to fix CVE-2020-2021, a security bypass affecting SAML enabled without validating IdP certificates, to prevent potential exploitation and enhance security.
Why We Are Launching the TrustedSec Sysmon Community Guide
Empower defenders with the TrustedSec Sysmon Community Guide, your one-stop-shop for leveraging this powerful tool, now available in multiple formats,…
Building a toolset
We make custom tools for engagements and open-source tools for you (and the world).
Learning Sysmon YouTube series
Watch the “Learning Sysmon” video series created by Director of Security Intelligence Carlos Perez. More than 20 videos available!
Staying a step ahead
Attackers are always innovating—but so are we. TRU develops custom training and workshops on subjects not easily found elsewhere. We provide expert services and advice on advanced subjects.

Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
