NFT Crime: From the Simple to the Ingeniously Simple

If you guessed these two things—a 10-kilo bar of gold and this image from the Bored Ape Yacht Club (BAYC)—cost about the same, roughly $600,000, you’d be right. And if it’s hard to believe this is true, you’d be like almost everyone else in the world. Basically, a one-of-a-kind cartoon in a type of video…

The post NFT Crime: From the Simple to the Ingeniously Simple appeared first on TrustedSec.

Defending the Gates of Microsoft Azure With MFA

Since Russia’s invasion of Ukraine, companies based in the United States have been on alert for potential cyberattacks on IT infrastructure. Multi-Factor Authentication (MFA) has been one of the most recommended settings for organizations to turn on. Recently, the White House issued a FACT SHEET on how organizations can protect themselves against potential cyberattacks from…

The post Defending the Gates of Microsoft Azure With MFA appeared first on TrustedSec.

Making SMB Accessible with NTLMquic

This week, I dusted off my reading list and saw that I’d previously bookmarked an interesting article about the introduction of SMB over QUIC. The article from Microsoft showed that Windows was including support for SMB to be used over the QUIC protocol, which should immediately spark interest for anyone who includes SMB attacks as…

The post Making SMB Accessible with NTLMquic appeared first on TrustedSec.

Simplifying Your Operational Threat Hunt Planning

Opening

Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat…

The post Simplifying Your Operational Threat Hunt Planning appeared first on TrustedSec.

TrustedSec Okta Breach Recommendations

TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management…

The post TrustedSec Okta Breach Recommendations appeared first on TrustedSec.

Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene

Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of…

The post Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene appeared first on TrustedSec.

Manipulating User Passwords Without Mimikatz

There are two common reasons you may want to change a user’s password during a penetration test:

You have their NT hash but not their plaintext password. Changing their password to a known plaintext value can allow you to access services in which Pass-the-Hash is not an option.

You don’t have their NT hash or…

The post Manipulating User Passwords Without Mimikatz appeared first on TrustedSec.

Work From Home Productivity Tips

For many of us, working from home is here to stay, but it does come with its own challenges. This article contains some of the best tips and tricks from TrustedSec consultants on how to stay focused at home.

Set an alarm to start and stop working

Alarms can be set in shorter intervals, to…

The post Work From Home Productivity Tips appeared first on TrustedSec.

Object Overloading

Using an OS binary to carry out our bidding has been a tactic employed by Red Teamers for years. This eventually led to us coining the term LOLBIN. This tactic is typically used as a way of flying under the radar of EDR solutions or to bypass application whitelisting by surrounding our code in the…

The post Object Overloading appeared first on TrustedSec.

Recovering Randomly Generated Passwords

TL;DR – Use the following hashcat mask files when attempting to crack randomly generated passwords.

8 Character Passwords: masks_8.hcmask
9 Character Passwords: masks_9.hcmask
10 Character Passwords: masks_10.hcmask

When testing a client’s security posture, TrustedSec will sometimes conduct a password audit. This involves attempting to recover the plaintext password by extracting and cracking the NTLM hashes…

The post Recovering Randomly Generated Passwords appeared first on TrustedSec.
