We share our expertise to make the world a safer place.
InfoSec moves at a rapid pace and sometimes it’s hard to keep up—that’s where we enter the chat.

Discover current cybersecurity insights
Get vital information straight from the experts, without all the noise.

Most Reported Web Findings of 2023
I reviewed the findings from the application and API assessments that the TrustedSec Software Security Team conducted during 2023 to see what issues we were…

Preparing for NIST CSF 2.0: Practical Tips for Implementation
TrustedSec’s Senior Security Consultant Jared McWherter and Advisory Solutions Director Alex Hamerstone provide actionable advice for aligning your…

XZ Utils Made Me Paranoid
Identify XZ Utils backdoors by parsing ELF binaries, identifying function hooks, and comparing memory sections in real-time, using tools like ptrace and…

The Midnight Alert: Navigating the Dark Web Data Dilemma
In the dead of night, an ominous message hits your inbox: "Your company's sensitive data is for sale on the dark web." As the Chief Information Security…

Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
This vulnerability in Microsoft Graph allowed attackers to perform password-spray attacks undetected, potentially compromising any organization in Azure.

Security Noise - Episode 6.19
InfoSec: Cybersecurity Education at Bedford High

Loading DLLs Reflections
We're back with another post about common malware techniques. This time we're not talking about process hollowing. We are going to branch off and talk about…

PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 3
Related Requirements: This is part three (3) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of…

PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 2
This article explains how to adjust CVSS scores based on an organization's environment, providing a flexible approach to risk assessment and mitigation.

Security Noise - Episode 6.18
Careers in InfoSec: Where do you want to go today?

PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 1
May 28, 2025 update: PCI SSC has released a new infographic about the vulnerability management process. This provides a useful high-level overview of the…

A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum
This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz. 1 Introduction: Last year, Andrew and I posted a four (4) part blog series…
