EXPERIENCE
Sarah Norris is a Security Consultant for TrustedSec. Sarah is starting her career in Information Security after conducting PCI audits for Trustwave. Before Trustwave, Sarah worked on Linux systems writing and debugging custom Python modules for Zenoss, the open source network monitoring software.
EDUCATION & CERTIFICATIONS
- Bachelor of Science, Cybersecurity, Utica College
- Certified Information Systems Security Professional (CISSP)
PROFESSIONAL AFFILIATIONS
Sarah Norris is a member of AHA (Austin Hackers Anonymous), Austin 2600, and lolctf.
PASSION FOR SECURITY
Sarah became interested in information security shortly after starting college. She realized that there was nothing more thrilling than picking a lock, cracking a password, or winning a CTF challenge.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
MSBuild: A Profitable Sidekick!
This blog post highlights some good techniques to use when restricted to testing an up-to-date Windows system with low-level user privileges (no local admin)…
Take Your Employees Phishing!
Because Phishing attacks are becoming more advanced in their exploitation of social engineering techniques, it may be overwhelming to attempt a defense against…
BEC Basics: Your First Step to Thwarting Email Scams
Attackers never stop evolving their business email compromise (BEC) tactics, leveraging phishing, credential harvesting, and email spoofing to infiltrate…
Actionable Purple Team Simulation Online Training (November 7-8)
Learn how to create specific detections to identify early Indicators of Compromise (IOCs) in our online course. Designed for those looking to improve their…
Ask Me Anything: Advanced Cloud Pen Testing Scenarios
Cloud Penetration Tests are a critical component of cloud security, but integrating other testing methods can take the assessment to the next level. Adding…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Security Noise - Episode 7.4
Who's On My Network?
Spec-tac-ula Deserialization: Deploying Specula with .NET
Earlier this year, I gave a talk at Steelcon on .NET deserialization and how it can be used for Red Team ops. That talk focused on the theory of .NET…
Calculating Business Impact
In today’s digital landscape, gaining a deep understanding of how cybersecurity threats can affect business-critical systems is crucial for maintaining…
Let’s Clone a Cloner - Part 2: You Have No Power Here
Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic,…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
