Practical OAuth Abuse for Offensive Operations – Part 1

Background: OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to…

The post Practical OAuth Abuse for Offensive Operations – Part 1 appeared first on TrustedSec.

Breaking Typical Windows Hardening Implementations

In this post, I will go over some hardening configurations that are typically set in Group Policy settings and ways to bypass them. It is important to remember that hardening configurations can be a whole series of different settings. For this post, I am showing only a few specific settings, meaning that if these were…

Vendor Enablement: Rethinking Third-Party Risk

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,…

Payment Card Industry (PCI) – Recurring Requirements Require Attention!

There are certain items contained within the 12 PCI requirements that have to be performed based on defined frequencies. In my experience, companies sometimes struggle with adhering to some if not all of these items. There are a number of reasons that this might happen, whether it’s related to employee turnover, unfamiliarity with the items,…

Generating SSH Config Files with Ansible

If you like to stand up infrastructure in the cloud using Ansible (like we do), one of the pain points can be getting the new instance IP addresses configured in an SSH config file for easy connecting. This used to be a manual process, but generating these files as part of your playbook is straightforward…

Wanted: Process Command Lines

As a red teamer, the key to not getting detected is to blend in. That means that if I need to spawn a new process on a host, it is important that it looks legitimate, with command line parameters that look correct. Many system binaries have a set of parameters when they are executed. This…

From the Desk of the CEO: TrustedSec Announces Professional Training Courses Online

TrustedSec has offered customized, in-person training to our clients for several years. With the need to move toward an online platform, TrustedSec has expanded our cutting-edge training to help further educate and develop the Information Security industry. These offerings are designed to be some of the most effective instructor-led and live courses available today…

PentesterLab Pro Giveaway

We are excited to announce that we will be giving away 200 one-month subscriptions to PentesterLab Pro. During these challenging times, we hope that you will be able to use this learning resource to improve your web application testing skills. PentesterLab Pro is a leading industry tool designed to make learning web hacking easier. Using hands-on…

Understanding New York’s SHIELD Act

While the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) get a lot of attention, New York should not be left out. In effect beginning on March 21, 2020, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (https://www.nysenate.gov/legislation/bills/2019/s5575) places additional security and privacy requirements on organizations that possess…

Working from Home Tips for Script Kiddies

Working from home seems like a dream. What is everyone complaining about? I can’t think of anything better than working from my couch in my hoodie and boxers. I don’t have to make small talk. I don’t have to go outside. I can just sit by myself, crank out the code, and catch up on…