Securing a Remote Workforce: Top Five Things to Focus on For Everyone

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, this has traditionally meant more of a castle mentality, where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

The post Securing a Remote Workforce: Top Five Things to Focus on For Everyone appeared first on TrustedSec.


Upgrade Your Workflow, Part 2: Building Phishing Checklists

Continuing on the idea of creating checklists (see previous blog about OSINT checklists), I wanted to share my personal phishing checklist. This list is what I use to make sure I have covered all my bases before firing the email. Some of these items may or may not be used, depending on your pretext. TLDR:…

The post Upgrade Your Workflow, Part 2: Building Phishing Checklists appeared first on TrustedSec.


Upgrade Your Workflow, Part 1: Building OSINT Checklists

With so many new cool techniques and tools being released every day, I’ve caught myself going down rabbit holes or chasing false leads during engagements. Sometimes I’ll get so bogged down with tunnel-vision that I make OpSec mistakes or delay an entire testing objective. At best, this could result in my attacks being discovered, resulting…

The post Upgrade Your Workflow, Part 1: Building OSINT Checklists appeared first on TrustedSec.


COVID-19 and Preparing for Changing Cybersecurity Risks

There is no denying that the COVID-19 pandemic is significantly impacting many people’s daily lives, with “social distancing” quickly being added to the social lexicon, schools closing, and events being canceled. Additionally, many businesses are rapidly moving to a remote and work from home model. While many organizations already have a large number of employees…

The post COVID-19 and Preparing for Changing Cybersecurity Risks appeared first on TrustedSec.


Threat Hunting – Outbound RDP Surprises

Through threat hunting, an organization can break away from a reactive approach to identifying incidents and evolve into a proactive operation that actively looks for incidents. The high-level threat hunting pipeline consists of taking a hypothesis built around threats specific to the organization, lab testing and validating the hypothesis, implementing security operation detection, testing…

The post Threat Hunting – Outbound RDP Surprises appeared first on TrustedSec.


Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server

Microsoft recently released a patch for all versions of the Microsoft Exchange server. This patch fixes a Remote Code Execution flaw that allows an attacker to send a specially crafted payload to the server and have it execute an embedded command. Researchers released proof of concept (POC) exploits for this vulnerability on February 24, 2020….

The post Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server appeared first on TrustedSec.


Weak in, Weak out: Keeping Password Lists Current

This post was written by @nyxgeek.

When performing brute-force attacks, it’s our first instinct to go to the current season and year, i.e., Winter20, Winter2020. But it’s important to keep in mind that many organizations use a 90-day password change window, and 90 days can be a deceptively long time. For instance, as of today, February…

The post Weak in, Weak out: Keeping Password Lists Current appeared first on TrustedSec.


Achieving Passive User Enumeration with OneDrive

This post was written by @nyxgeek.

Microsoft recently fixed a beloved user enumeration vulnerability in Office 365 that I routinely used to gain valid credentials for the last couple of years (https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/). Microsoft still hasn’t changed its official stance on user-enumeration-as-a-bug (they say it’s NOT a problem), and the company opted to fix this latest…

The post Achieving Passive User Enumeration with OneDrive appeared first on TrustedSec.


Why We Are Launching the TrustedSec Sysmon Community Guide

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…

The post Why We Are Launching the TrustedSec Sysmon Community Guide appeared first on TrustedSec.


SIGINT to Synthesis

Not too long ago, I was at a hardware store and I came across some lights that I wanted to play with because I had a feeling they could be fun for Halloween and make for a decent blog post. Before I purchased the lights, I looked at their online manual and checked to see…

The post SIGINT to Synthesis appeared first on TrustedSec.
