Simple Data Exfiltration Through XSS

During a recent engagement, I found a cross-site scripting (XSS) vulnerability in a legal document management application and created a quick and dirty document exfiltration payload. Unfortunately, this discovery and coding happened on the final day of the engagement (*cough* reporting bonus hacking day), and I didn’t have a chance to actually put the exfiltrated…

The post Simple Data Exfiltration Through XSS appeared first on TrustedSec.

ADExplorer on Engagements

ADExplorer is a tool I have always had in my backpack. It can be useful for both offensive and defensive purposes, but in this post, I am going to focus more on its offensive use. The tool itself can be found here: https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer A typical scenario I often face on engagements is that I have…

Companies on High Alert for Unemployment Fraud

Proactive Measures to Thwart Unemployment Fraud

In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult…

More Options for Response Modification - With ResponseTinker

As the web application footprint migrates client-side, tools to thoroughly analyze and test client behavior are becoming increasingly important. Burp Suite has made some great strides in this direction with their browser-based enhancements to crawling and scanning, but when it comes time to really dig into the particulars for research, we are still very much…

TrustedSec Incident Response Team Slack AMA 02.17.2021

On February 17, 2021, TrustedSec hosted an ‘Ask Me Anything’ on our Slack Workplace with TrustedSec’s Incident Response Team. Many great questions were asked and lots of information was exchanged that we didn’t want to get lost with time, so we’ve put together this blog with the questions and the conversation that blossomed from them. Please note:…

TrustedSec Moves Headquarters to Fairlawn

Groundbreaking Event with City Officials on March 22

Internationally prominent cybersecurity company TrustedSec is moving its operations to Fairlawn, Ohio. We announced our plan to move our headquarters to Fairlawn, Ohio in early 2020. Those plans are finally coming to life, starting with our groundbreaking on Monday, March 22! Below is our official press release…

COFFLoader: Building your own in memory loader or how to run BOFs

Intro

Have you heard of the new Beacon Object File (BOF) hotness? Have you ever thought that you should be able to run those outside of Cobalt Strike? Well, if that’s the case, you came to the right place. In this post, we’ll go through the basic steps of understanding and building an in-memory loader…

Who Left the Backdoor Open? Using Startupinfo for the Win

In the endless quest to research additional Windows system forensic artifacts to use during an Incident Response investigation, I stumbled across something I thought was cool. This definitely wasn’t a new artifact; it was just a specific native Windows XML file that I wasn’t aware of. I noticed this file was not commonly used from…

Group Policy for Script Kiddies

Introduction

I’ve finally moved up in the world and am pwning companies instead of n00bs, but all the workstations are locked down. What is this Group Policy thing? Why is it harshing my mellow? So, you’ve finally moved up into the big leagues. You’re no longer wasting your time hacking your friends, parents, or that…