Why your threat hunting program building shouldn’t stop once the engagement is over

Let’s see, it looks like your organization just met an annual Threat Hunting assessment compliance requirement or achieved the introductory objective of experiencing a formal Threat Hunting assessment. Well done! Now, what should the organization take into consideration after successfully completing the assessment? Once a third-party Threat Hunting assessment concludes, many organizations may feel overwhelmed…

The post Why your threat hunting program building shouldn’t stop once the engagement is over appeared first on TrustedSec.

Obsidian, Taming a Collective Consciousness

The Problem On August 05, 2021, a member of the Conti ransomware group leaked some of the group’s internal playbooks and technical documentation. Irrespective of any details surrounding the leak or its contents, the event itself prompted a more widespread examination of how teams maintain their operational playbooks and documentation. A tweet by Mubix came…

Oh, Behave! Figuring Out User Behavior

One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behavior becomes even more important when attempting to defeat the next generation of EDRs that…

BITS Persistence for Script Kiddies

Introduction Using and abusing the BITS service is a lot of fun. I can’t believe Windows just gives away this hacker tool for free. But wait, wait, are you telling me that there’s more? Does it come with a free blender? What else can this service do for me? In the last installment, we covered…

The Backup Paradigm Shift: Moving Toward Attack Response Systems

Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut-wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot?…

Real or Fake? When Your Fraud Notice Looks Like a Phish

So I Received a Phishing Email… I recently received an email indicating my credit card number had potentially been stolen and used for fraud. At this point, I am used to both having my credit card number stolen and receiving messages telling me it’s been stolen when it has not. My attempt to determine whether…

PCI Specialist Art “Coop” Cooper Joins TrustedSec Team

When I founded TrustedSec in 2012, I knew exactly the type of person that I wanted to work alongside: talented, passionate about their corner of the security industry, and genuinely interested in helping anyone with the desire to learn more. After nearly a decade, I’m thrilled that TrustedSec is still able to add new people…

Azure Application Proxy C2

With the ever-tightening defensive grip on techniques like domain fronting and detections becoming more effective at identifying common command and control (C2) traffic patterns, our ability to adapt to different egress methods is being tested. Of course, finding methods of pushing out C2 traffic can be a fun exercise during a Red Team engagement. A…

Strength Training With Transport Cryptology: Part 2

In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you…

Strength Training With Transport Cryptology: Part 1

I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: Introducing new…