How to Get the Most Out of Your Pentest

TL;DR Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report will be. Select the right environment for the assessment. Consider the timing for performing the assessment. Communicate internally and make sure everyone is up to speed. Do…

The post How to Get the Most Out of Your Pentest appeared first on TrustedSec.


LastPass in Memory Exposure

In this video, our Principal Research Analyst Scott Nusbaum goes over his research on LastPass Password Manager. He discusses how the credentials are exposed in memory to an attacker that is present on the host and is able to access the browser process. He also goes over on how LastPass could modify their extension to…


Cisco Hackery: Configuration File Download

1.0 Intro

Prior to making a career change to offensive security, I spent over 15 years working for a Cisco partner designing and implementing enterprise and VoIP networks. During that time, I performed best practice assessments aimed at identifying misconfigurations that could lead to a network compromise. Today, I have taken that knowledge and used…


Common Conditional Access Misconfigurations and Bypasses in Azure

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses…


Hardening Backups Against Ransomware

Human-operated ransomware represents a unique challenge to backup infrastructures. Unlike in other scenarios, ransomware attackers specifically target and attempt to destroy backup systems to increase the likelihood that a victimized organization will pay the ransom. This threat requires a different approach to securing backup infrastructure.

The Old Ways Are Not Enough

Traditionally, enterprise backup infrastructures…


Working with data in JSON format

What is JSON?

JSON is an acronym for JavaScript Object Notation. For years it has been in use as a common serialization format for APIs across the web. It also has gained favor as a format for logging (particularly for use in structured logging). Now, it has become even more common for…


Watch Out for UUIDs in Request Parameters

The Plugin: https://github.com/GeoffWalton/UUID-Watcher

Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which…


I Wanna Go Fast, Really Fast, like (Kerberos) FAST

1 Introduction

At TrustedSec, we weigh an information security program’s ability to defend against a single specified attack by measuring detection, deflection, and deterrence. While a majority of my blog posts have concentrated on detection, this post is more ‘deterrence’ focused. I first heard about Kerberos FAST from Steve Syfuhs (@SteveSyfuhs) of Microsoft…


Practical Attacks against NTLMv1

1.1 Introduction

This blog is meant to serve as a guide for practical exploitation of systems that allow the NTLMv1 authentication protocol. While NTLMv1 is hardly ever needed anymore, a surprising number of organizations still use it, perhaps unknowingly. There are, however, some VPN products that still instruct their users to downgrade NTLM…


How Your Team’s Culture Determines the Value of Your Tabletop Exercise

A tabletop exercise (TTX) measures more than an organization’s technical capabilities and adherence to an incident response plan—it facilitates the confluence of personalities and team cultures, in turn revealing friction not only in processes but also in team dynamics. The success of an organization’s response in both a TTX scenario and, more importantly, a real-world…
