Video Blog: Using DLL Persist to Avoid Detection

During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker then modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code…

The post Video Blog: Using DLL Persist to Avoid Detection appeared first on TrustedSec.

The Crucial Role of Data Center Resiliency in Business Security

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

Detection and Alerting: Selecting a SIEM

Summary: Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and application logs (including custom applications). This focuses on Security Operations and does not include the engineering side of SIEM management, e.g., licensing, hardware/cloud requirements, retention needs, etc. Each component of the…

Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this may already be cringing or yelling at your screen that this question on its own shouldn’t have a simple answer with little actionable value. However, when…

Scraping Login Credentials With XSS

Unauthenticated JavaScript Fun: In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credentials to…

A Diamond in the Ruff

This blog post was co-authored with Charlie Clark at Semperis. 1.1 Background of the ‘Diamond’ Attack: One day, while browsing YouTube, we came across an older presentation from Blackhat 2015 by Tal Be’ery and Michael Cherny. In their talk, and subsequent brief, WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING, they outlined something we…

WMI Providers for Script Kiddies

Introduction: So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Script Kiddies,” we described Windows Management Instrumentation (WMI). We detailed…

Intro to Web App Security Testing: Burp Suite Tips & Tricks

A brief list of useful things we wish we had known sooner: Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many users may not stray far from the staples they know. However, after years…

Splunk SPL Queries for Detecting gMSA Attacks

1 Introduction: What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…

Putting the team in red team

One of the more common questions we receive during a red team scoping call or RFP Q&A call is, how many dedicated consultants will be involved in the assessment? There is no “correct” answer to this question, and ultimately, the answer as to how red team engagements are staffed comes down to how the consultancy…