From the Desk of the CEO: Remote Security Testing vs. On-Site Testing: Understanding the Difference

With the COVID-19 pandemic underway, we’ve all had to adjust in ways we would have never imagined. Talking with peers in the industry, having to stand up a complete remote workforce overnight has been both challenging and rewarding. While there are bound to be hiccups and lapses in security, the ability for organizations to be…

The post From the Desk of the CEO: Remote Security Testing vs. On-Site Testing: Understanding the Difference appeared first on TrustedSec.

CVE-2020-0796: SMBv3 “Wormable” Remote Code Execution Vulnerability

On March 10, 2020, during its monthly Patch Tuesday, Microsoft published the advisory ADV200005 for a critical Remote Code Execution (RCE) vulnerability on Server Message Block (SMB) 3.1.1. Microsoft released the advisory after Cisco Talos accidentally published details on the same day. Both Cisco Talos and Fortinet released advisories for the vulnerabilities on their pages…

Avoiding Get-InjectedThread for Internal Thread Creation

Often, a malicious author wants to be able to load non-disk-backed code into memory. This could include code that was decrypted and unpacked (a second stage providing more functionality) or plugins to existing running code. After this non-disk-backed code is loaded via some mechanism, it can be called normally, or a thread can…

Intro to Macros and VBA for Script Kiddies

Introduction

Why can’t I pwn my friends anymore? It seems like all my Metasploit magic is getting caught—even my modified, secret-sauce payloads. DEP. ASLR. EDRs. Sandboxes. Whitelists. It’s no fun anymore! So, you thought you were a 1337 h4x0r? You thought you had mad ‘sploit-writing, shell-popping skillz? First, you learned Python (so easy), then C…

Targeted Active Directory Host Enumeration

Current Problem

When working in an unknown network, some of the most important pieces of information to have are appraisals of current assets and information contained on them. This is important for any security professional, from tester to defender. Given the prevalence of Active Directory (AD) in most Windows environments, gaining a clear inventory of…

From the Desk of the CEO: Securing the Future – Junior and Internship Programs

When TrustedSec first started, the vision was to build a team of amazing individuals that were passionate, dedicated, and focused on helping organizations fix the issues they face in cybersecurity. While we may have accomplished this, there’s always more to do. At TrustedSec, our mission to contribute to the industry and community has always remained…

SELinux and Auditd

In this blog post, I will discuss SELinux and Auditd, how to use them, how to determine what the default policies are doing, and how to add new ones. For those who do not know what SELinux is, it stands for Security-Enhanced Linux. More details about SELinux can be found in the resources section at…

Red Team Engagement Guide: How an Organization Should React

A lengthy Red Team engagement is coming. What should the defense do if they catch the offense? Reimage systems? Notify and allow? What is the course of action that allows the engagement to proceed and deliver maximum value to the organization? These can be difficult questions to answer, but ones that companies procuring these tests…

Creating Honey Credentials with LSA Secrets

As an attacker, I frequently leverage LSASecrets to escalate privileges within the context of an ongoing compromise. Generally, the attack path is something like this:

Gain Initial Foothold > Escalate to Limited User > Dump LSASecrets on Systems Where Credentials are Administrator

A pretty slick way to identify targets to dump LSASecrets on is to…

Finding and Identifying JScript/VBScript Callable COM Objects

Microsoft JScript and VBScript are two languages that can be used for initial code execution on a new target. This may be done through the use of a phishing payload that leverages .hta files or through the use of trusted binaries to execute a payload on a new target. The use of .hta files specifically…
