Amanda Mates – Page 7 – WindowsTechs.com

Automating a RedELK Deployment Using Ansible

Posted on May 28, 2020 by Amanda Mates

As the red team infrastructure needs continue to expand (and grow more complicated), so does the need for infrastructure automation. Red teams are adopting DevOps to improve the speed at which their infrastructure is deployed, hence the rise in usage of tools such as Terraform and Ansible for red teams. In this post, we will…

The post Automating a RedELK Deployment Using Ansible appeared first on TrustedSec.

Continue reading Automating a RedELK Deployment Using Ansible→

A Beginner’s Guide to Staying Safe/Anonymous Online

Posted on May 21, 2020 by Amanda Mates

What is OSINT? It is probably safe to assume you have heard of OSINT at some point (Open Source INTelligence). However, if you have not, it can very generally be described as the collection and analysis of data gathered from publicly accessible sources. People who perform OSINT have a wide variety of sources they can…

The post A Beginner’s Guide to Staying Safe/Anonymous Online appeared first on TrustedSec.

Continue reading A Beginner’s Guide to Staying Safe/Anonymous Online→

Developing with VBA for Script Kiddies

Posted on May 7, 2020 by Amanda Mates

Introduction Now that I can read these macros and code snippets on stackexchange, how do I really make use of VBA? There must be more than meets the eye. How can I transform this BASIC code into something to pwn the world? I want to develop something! After learning the reason we should be looking…

The post Developing with VBA for Script Kiddies appeared first on TrustedSec.

Continue reading Developing with VBA for Script Kiddies→

The VBA Language for Script Kiddies

Posted on May 5, 2020 by Amanda Mates

Introduction Thanks to your super spiffy explainer on macros, I know why I should go old school and start coding in VBA, but I can’t even read it, let alone hack it. Do you have Google translate for VBA or possibly a Babel fish? Great, I’ve convinced you that you need to start looking at…

The post The VBA Language for Script Kiddies appeared first on TrustedSec.

Continue reading The VBA Language for Script Kiddies→

Breaking Into InfoSec – A Beginners Guide (Part 2)

Posted on April 23, 2020 by Amanda Mates

Opening In part one of this blog post series, we covered some personal backstory of my journey into InfoSec, went over putting a plan together for your next InfoSec mission, recommended some InfoSec immersion ideas, and provided some guidance around seeking out a mentor. If you haven’t had a chance to read the first part…

The post Breaking Into InfoSec – A Beginners Guide (Part 2) appeared first on TrustedSec.

Continue reading Breaking Into InfoSec – A Beginners Guide (Part 2)→

Breaking Into InfoSec – A Beginners Guide (Part 1)

Posted on April 21, 2020 by Amanda Mates

Opening In this blog post, I will cover strategies that worked for me while transitioning out of the Air Force (over 20 years ago) having ZERO formalized IT training and ZERO on-the-job-training (OJT) in the field. Although this was a long time ago 🙂 and my path led to an IT position, the preparation and…

The post Breaking Into InfoSec – A Beginners Guide (Part 1) appeared first on TrustedSec.

Continue reading Breaking Into InfoSec – A Beginners Guide (Part 1)→

Prepare to Write A Scanner Plugin Before Your Next Platform Test!

Posted on April 16, 2020 by Amanda Mates

BurpSuite is a remarkably extensible platform. While I have written a number of extensions for testing specific applications, as well as more general extensions, one type of extension I had never attempted before was creating my own BurpSuite Scanner plugin. Because modern applications are increasingly difficult to exhaustively test for certain types of issues, I…

The post Prepare to Write A Scanner Plugin Before Your Next Platform Test! appeared first on TrustedSec.

Continue reading Prepare to Write A Scanner Plugin Before Your Next Platform Test!→

Is Zoom’s Lack of End-To-End Encryption a Problem?

Posted on April 2, 2020 by Amanda Mates

All of the work-from-home activity coupled with all of the media about Zoom’s lack of end-to-end (E2E) encryption has resulted in a few clients asking us if Zoom can still be trusted to host meetings. It’s not exactly as they portray For those of you catching up, Zoom’s privacy and security have been the target…

The post Is Zoom’s Lack of End-To-End Encryption a Problem? appeared first on TrustedSec.

Continue reading Is Zoom’s Lack of End-To-End Encryption a Problem?→

Tricks for Weaponizing XSS

Posted on March 30, 2020 by Amanda Mates

In this blog post, we will look at some simple JavaScript tricks for creating weaponized cross-site scripting (XSS) payloads. If less reading more videoing is your thing, watch this topic in webinar form here: https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ Often, penetration testers use a simple alert(1) payload to demonstrate successful JavaScript execution when we identify an XSS vulnerability. While…

The post Tricks for Weaponizing XSS appeared first on TrustedSec.

Continue reading Tricks for Weaponizing XSS→

Crossover Sec: Breaking Down the Silos

Posted on March 24, 2020 by Amanda Mates

People who know me well, or who saw the Derbycon 6 talk I gave with Adam Hogan, “Adaptation of the Security Sub-Culture,” know of my non-InfoSec hobby and history of playing in loud bands that recorded and toured across the U.S. and Canada, mostly in the 90s. It was music in the 80s that had…

The post Crossover Sec: Breaking Down the Silos appeared first on TrustedSec.

Continue reading Crossover Sec: Breaking Down the Silos→