TrustedSec

<p>The Problem Nobody Wants to Talk AboutLet me paint a picture most security leaders will recognize.You have 30+ policies living as Word documents on SharePoint. Half of them have filenames like…</p>

<p>Filling the Gaps Native Logging Can&#039;tAt this point in our series, we have Windows Security events capturing logon sessions and process creation, and PowerShell logging capturing script execution. That&#039;s a…</p>

<p>Invisible password sprays. Invisible logins. Full tokens returned.Nyxgeek here. It&#039;s 2026 and I&#039;ve got two more Azure Entra ID sign-in log bypasses to share with you. Don&#039;t get too excited…these bypasses…</p>

<p>When I started working in mobile application security in 2018, most testing was still largely manual. Since then, the ecosystem has exploded with scanners, frameworks, and automation platforms. With more tools…</p>

<p>A Windows shortcut (.lnk) seems very simple on the surface. It is a file that points somewhere and tells the system to open or execute a resource. A shortcut is relatively easy to overlook and can be spoofed to look…</p>

<p>The Second Most Important Data Source You&#039;re Probably Not CapturingIn Part 2, we enabled process creation logging with command lines. That&#039;s a big step forward. But here&#039;s the thing about PowerShell:…</p>

<p>The Audit Policies Nobody ConfiguresIn Part 1, we looked at why relying on a single telemetry source is a recipe for blind spots. Now let&#039;s get practical. Windows has a rich set of security auditing capabilities…</p>

<p>The Uncomfortable Truth About Your Telemetry Let me start with an observation that might hit close to home. In my years working Incident Response cases and running Tabletop Exercises, I&#039;ve noticed a pattern that…</p>

<p>Notepad++ has been in the news recently for a breach of infrastructure associated with the Notepad++ updater. This attack may have allowed an adversary to deliver backdoored updates which could allow arbitrary code…</p>

<p>CMMC has been getting much of the Controlled Unclassified Information (CUI) attention lately due to the size of the defense industrial base, but General Services Administration (GSA) requirements for protecting CUI are…</p>

<p>Entra ID (formerly Azure AD) is the core service upon which Microsoft 365 applications rely for directory and authentication services. This makes Entra ID security a critical element for any organization that leverages…</p>

<p>The Cheat Sheet section is for quick reference.The Learn section is for those who have never touched the topic before.The Implement section is for more detailed descriptions of each Cheat Sheet…</p>

<p>MCP-ASD Burp extension has been submitted to the BApp Store and is awaiting approval.MCP OVERVIEWMCP (Model Context Protocol) servers are becoming more common thanks to their ease of integration with AI systems such as…</p>

<p>With Microsoft “enforcing” Lightweight Directory Access Protocol (LDAP) Signing by default in Server 2025, it once again seems like a good time to revisit our old friends LDAP Channel Binding and LDAP Signing. It’s…</p>

<p>If you’ve administered Active Directory (AD) for any significant time, chances are you’ve come across the primaryGroupID attribute. Originally developed as a method for AD to support Portable Operating System Interface…</p>

<p>TL;DR, gimme the goods: https://github.com/hoodoer/ColonelClusteredExtension has been submitted to the Bapp store, awaiting approval.This is a Burp Suite extension I’ve been meaning to write for many years, yet somehow…</p>

<p>The CMMC program contains complex, and potentially confusing, scope requirements. Contractors that are preparing for a CMMC assessment will need to pay close attention to these requirements to achieve compliance. This…</p>

<p>Over the past few weeks I’ve been spending a significant amount of time updating the Sysmon Community Guide. This wasn’t driven by theory, trends, or what &#039;should&#039; work on paper. It was driven by what we keep…</p>

<p>Before we dive in, let’s get all the TrustedSec Certified Absolutes out of the way:All software presents some level of inherent risk.Only required software that cannot live on other systems should be installed on Domain…</p>

<p>Everyone has a year-end list, and this is ours. See what our top-performing cybersecurity blogs were in 2025, there could be some you might have missed!</p>