Azure Automation – Getting Started With Desired State Configurations

Azure brings a lot of new tools and capabilities to the IT and Information Security toolbox. In fact, there are so many features that it can be overwhelming and difficult to understand when or how to use them. I believe that the revamp of Desired State Configuration (DSC) within Azure is one of these overlooked…

The post Azure Automation – Getting Started With Desired State Configurations appeared first on TrustedSec.

A Developer’s Introduction to Beacon Object Files

With the release of Cobalt Strike 4.1, a new feature has been added that allows code to be run in a more OPSEC friendly manner. This is implemented through what has been termed Beacon Object Files (BOFs). In this post, I will outline some of the less obvious restrictions of BOFs and share my workflow…

Using Azure to Address Endpoint Hygiene Management

Remote workers are set up, but endpoint management is still an issue

Setting up a remote workforce during the COVID-19 pandemic presented a huge challenge, especially trying to get so much done in such a short time frame. While getting extra Zoom licenses was likely pretty easy, there are more challenging issues surrounding remote sharing…

Microsoft MVP Awards 2020

Who are MVPs? According to Microsoft, “Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community.” For more information on this award, visit the Microsoft MVP Overview page. Two members of the TrustedSec team are celebrating being recipients of the award from Microsoft—and both have received the honor in…

CVE-2020-2021: PAN-OS SAML Security Bypass

On June 29, 2020, Palo Alto released information on a Security Assertion Markup Language (SAML) authentication bypass, CVE-2020-2021. Palo Alto published the advisory PAN-148988 for a critical issue affecting multiple versions of PAN-OS.

An Overview of the Vulnerability

Description: With network access to a device running a vulnerable version of PAN-OS and configured to use…

Are You Looking for Ants or Termites?

Over the last several months, I’ve noticed something when discussing Incident Response (IR) with clients. There is often confusion between the expectation and reality concerning the end results of an IR investigation. My goal here is to clarify and set those expectations, and to show how Threat Hunting factors in. When TrustedSec gets called to…

MSBuild: A Profitable Sidekick!

This blog post highlights some good techniques to use when restricted to testing an up-to-date Windows system with low-level user privileges (no local admin) through a Remote Desktop Protocol (RDP) connection.

The Situation

At the start of this engagement, I faced the common task of needing to escalate privileges after acquiring low-level access to a…

Adventures in Phishing Email Analysis

Opening

Phishing attacks are a daily threat to all organizations and, unfortunately, they are one of the hardest threats to protect against. No matter how many defensive layers an organization has put in place following best practice defense-in-depth design, it only takes one (1) user to click on that malicious link or open that weaponized…

Access Locked Files With TScopy

Wanted: TScopy Tool Testers

GitHub Repo: https://github.com/trustedsec/tscopy

Introducing TScopy

It is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. TScopy…

Theft From Online Shopping Carts – Past and Present

Past

Circa 2007, during a penetration test, I encountered an online shopping cart that exposed a variable containing a product’s price and allowed it to be manipulated to lower the cart’s total. In early 2008, research was conducted to answer the question: just how many carts are vulnerable to such a trivial hack? At the…
