TrustedSec

<p>Understanding the Value of Findings Clients Often QuestionIn some report readouts, we may encounter situations where a client looks at a web application report and asks, “Why are you even reporting that?” This blog…</p>

<p>Attackers are getting increasingly creative—not just with their payloads, but with how they deliver and operate them. In a recent Incident Response engagement, TrustedSec investigated a case involving an attacker who…</p>

<p>Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all are and what they have to do with each other. This post…</p>

<p>The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse? This is actually expected behavior. Figure 1 - WHY???…</p>

<p>While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable privilege escalation vulnerability.  Every day at exactly…</p>

<p>In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I sometimes find myself needing to use legitimate software to…</p>

<p>As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare scores and maturity ratings from version 1.1 to version 2.0?…</p>

<p>Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known vulnerability by targeting two headers used in some JWT setups.</p>

<p>Figure 1 - We take our work very seriously. Capturing Hashes with DragonHashChromium-based browsers have an odd feature set that allows extensive drag-and-drop capabilities in the browser. This feature is not only…</p>

<p>In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP).SetupBefore we can start vibe hacking, we need an MCP that will allow Claude to disassemble .NET…</p>

<p>Mobile devices are a must have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data. Common mobile device threat vectors include various attack…</p>

<p>Another year, another vuln…It's that time again.Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could password spray and remain undetected. Well, the Ghost of…</p>

<p>As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it takes to pull them off.</p>

<p>Penetration testing is not a commodity service. If you are a procurer of penetration tests and have ever received wildly different quotes for the "same" engagement, you've likely encountered this issue at some point.…</p>

<p>Session Management Testing - CookiesThe Cheat Sheet section is for quick reference and to make sure steps don’t get missed.The Learn section is for those who have never touched the topic before.The Implement section is…</p>

<p>When it comes to targeting enterprise deployment infrastructure during a Red Team engagement, SCCM (System Center Configuration Manager) tends to get all the love. There’s a lot of research, tradecraft and blog post…</p>

<p>How does one Purple Team? TAC Practice Lead Megan Nilsen shares open-source tools, techniques, and tips for security practitioners exploring Purple Teaming, along with advice to boost offensive and defensive skills.</p>

<p>1.1 IntroductionHere at TrustedSec, one of the goals of the Tactical Awareness &amp; Countermeasures (TAC) team is to assess and enhance our partners' security posture. Every organization benefits from improving and…</p>

<p>OverviewIn web and mobile applications, we’ve been fortunate over the years to have such widespread use of HTTPS by way of TLS. The proliferation of HTTPS is in no small part due to Let’s Encrypt, which provides free…</p>

<p>In my experience, most organizations are prepared to discuss the scope of penetration tests when preparing for an External or Internal Penetration Test, but when it comes time to discuss specifics about a web…</p>