Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction

As a web application tester, I encounter a recurring challenge in my work: receiving incomplete responses from Burp Collaborator during DNS and HTTP response testing. For example, Collaborator will provide the IP address that performed the DNS lookup or HTTP request. Sometimes, these responses turn out to be false positives caused by intrusion protection…

The post Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction appeared first on TrustedSec.


Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations

On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer system. TrustedSec has performed analysis on the vulnerability and post-exploitation activities. At the time of publication, there is no associated CVE or CVSS score. This post will describe the research conducted so…

The post Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations appeared first on TrustedSec.


Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 3 – Network Analysis and Tooling)

In the first two installments of this series, we identified that the key to successful incident preparation starts with making sure a solid incident triage process is in place, centralized analysis documentation is created, and the incident communication cadence has been solidified. This, in conjunction with a well-oiled rapid triage Windows artifact processing plan, allows analysts…

The post Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 3 – Network Analysis and Tooling) appeared first on TrustedSec.


Better Hacking Through Cracking: Know Your Rules

THIS POST WAS WRITTEN BY @NYXGEEK

Intro

Password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination.

So where are these rules anyways?…

The post Better Hacking Through Cracking: Know Your Rules appeared first on TrustedSec.


Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 2 – Incident Assessment and Windows Artifact Processing)

In Part 1 of this series, we identified that there are three (3) key parts to successful incident preparation: ensuring that a solid incident triage process is in place, creating centralized analysis documentation, and solidifying incident communication. In Part 2 of this series, I will delve into the process of thoroughly evaluating the incident, explore…

The post Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 2 – Incident Assessment and Windows Artifact Processing) appeared first on TrustedSec.


Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 1 – Process Overview and Preparation)

In this series, I will be discussing how to handle an incident with the speed and precision of a DFIR warrior. With a rapid triage mindset, you’ll be able to assess the situation quickly and efficiently, just like a Jiu-Jitsu practitioner sizing up their opponent before delivering a devastating submission. You will have the tools…

The post Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 1 – Process Overview and Preparation) appeared first on TrustedSec.


Looting iOS App’s Cache.db

Insecure By Default

Mobile application assessments diverge somewhat from normal web application assessments as there is an installed client application on a local device to go along with the backend server. Mobile applications can often work offline, and thus have a local store of data. This is commonly in the form of SQLite databases stored…

The post Looting iOS App’s Cache.db appeared first on TrustedSec.


Measuring the Impact of a Security Awareness Program

Our goal in building a security awareness program is to embed security into our partners’ existing organizational culture. Impacting culture is a long-term process that can take years and requires executive support. If you are tasked with managing a security awareness program, it is your job to measure and show leadership that your program is…

The post Measuring the Impact of a Security Awareness Program appeared first on TrustedSec.


Windows Processes, Nefarious Anomalies, and You: Threads

In part 1 of this blog mini-series, we looked at memory regions and analyzed them to find some potential malicious behavior. In part 2, we will do the same thing with enumerating threads. Nobody explains it better than Microsoft—here is their explanation of what a thread is: “A thread is the basic unit to which…

The post Windows Processes, Nefarious Anomalies, and You: Threads appeared first on TrustedSec.


Windows Processes, Nefarious Anomalies, and You: Memory Regions

While operating on a red team, the likelihood of an Endpoint Detection and Response (EDR) being present on a host is higher than it was a few years ago. When an implant is being initiated on a host, whether it’s on-disk or loaded into memory, there is a lot to consider. In…

The post Windows Processes, Nefarious Anomalies, and You: Memory Regions appeared first on TrustedSec.
