<p>As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it takes to pull them off.</p>
<p>Penetration testing is not a commodity service. If you are a procurer of penetration tests and have ever received wildly different quotes for the "same" engagement, you've likely encountered this issue at some point.…</p>
<p>Session Management Testing - Cookies: The Cheat Sheet section is for quick reference and to make sure steps don’t get missed. The Learn section is for those who have never touched the topic before. The Implement section is…</p>
<p>When it comes to targeting enterprise deployment infrastructure during a Red Team engagement, SCCM (System Center Configuration Manager) tends to get all the love. There’s a lot of research, tradecraft and blog post…</p>
<p>How does one Purple Team? TAC Practice Lead Megan Nilsen shares open-source tools, techniques, and tips for security practitioners exploring Purple Teaming, along with advice to boost offensive and defensive skills.</p>
<p>1.1 Introduction: Here at TrustedSec, one of the goals of the Tactical Awareness & Countermeasures (TAC) team is to assess and enhance our partners' security posture. Every organization benefits from improving and…</p>
<p>Overview: In web and mobile applications, we’ve been fortunate over the years to have such widespread use of HTTPS by way of TLS. The proliferation of HTTPS is in no small part due to Let’s Encrypt, which provides free…</p>
<p>In my experience, most organizations are prepared to discuss the scope of penetration tests when preparing for an External or Internal Penetration Test, but when it comes time to discuss specifics about a web…</p>
<p>Most security teams understand the importance of log collection and building detections to provide early indicators of anomalous or potentially malicious activity. However, what is often forgotten is testing the…</p>
<p>How far should you let penetration testers go once they have a finding or foothold on a penetration test of your organization? As far as they can! The goal is to help improve your organization’s security posture. The more…</p>
<p>I'm still pretty new to hardware hacking and find myself going through a lot of media (both text and moving pictures) about various techniques to interact with IoT devices and hardware in general. One of the tasks for a…</p>
<p>TrustedSec has achieved CREST Certification for penetration testing, a globally recognized standard that verifies an organization's ability to conduct high-quality, rigorous, and ethical cybersecurity services.</p>
<p>In the first section of this multi-part practical guide, I’ll introduce you to Kubernetes (K8s) from a penetration testing perspective, including basic information, vocabulary, and how to identify and explore Kubernetes…</p>
<p>U.S. government contractors need to start preparing for a proposed new government-wide Controlled Unclassified Information (CUI) protection requirement.</p>
<p>1.1 Introduction: Agents and Large Language Models (LLMs) offer a powerful combination for driving automation. In this post, we’ll explore how to implement a straightforward agent that leverages the capabilities of…</p>
<p>Tips for what you can do in advance of an API Security Assessment to help us avoid delays and ensure the process runs smoothly and benefits everyone.</p>
<p>The Payment Card Industry Data Security Standard (PCI DSS) applies to and has specific requirements for retention of Account Data. In general, organizations must retain as little Account Data as they can for as short a…</p>
<p>We’re excited to share some big news: Trimarc Security is now fully operating under TrustedSec! This marks a significant step forward in our mission to provide real-world security guidance to help our partners…</p>
<p>TL;DR - Azure app proxy pre-authentication set to Passthrough may unintentionally expose private network resources. Microsoft’s Azure app proxy allows for publishing on-premises applications to the public without opening…</p>