Collaborate Disseminate
At TrustedSec, we work with a lot of Chief Security Officers. As a security company, it’s a role that we think is vitally important to every organization’s success. Historically, our entire team has made a collective effort to meet our own security goals. However, as we continue to grow, we recognize that having a central…
The post Practicing What We Preach appeared first on TrustedSec.
For many organizations, rapidly implementing work-from-home initiatives over the past year due to the COVID-19 pandemic required quickly rolling out new processes and deploying new technologies without adequate time for attention to Information Security standards. Perhaps your company recently acquired a new line of business, and you want to make sure the integration won’t adversely…
The post Yes, It’s Time for a Security Gap Assessment appeared first on TrustedSec.
Continue reading Yes, It’s Time for a Security Gap Assessment
Over the last several days, many organizations have been affected by the Microsoft Exchange Hafnium attacks. As a result, TrustedSec’s Incident Response team has gained a lot of experience in a very short time on how to respond to these attacks and what to look for. Many of the compromised servers we have examined were…
The post New Service Launched in Response to Hafnium Attacks appeared first on TrustedSec.
Continue reading New Service Launched in Response to Hafnium Attacks
TrustedSec has been approved by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (https://www.cmmcab.org/) as a Registered Provider Organization. In line with our mission of increasing the security posture of organizations around the world, TrustedSec is pleased to be a part of the program aimed at improving and ensuring the security maturity of the Defense…
The post TrustedSec Approved as a CMMC Registered Provider Organization! appeared first on TrustedSec.
Continue reading TrustedSec Approved as a CMMC Registered Provider Organization!
TrustedSec works with clients of all sizes on Cybersecurity Maturity Model Certification (CMMC) readiness engagements, but recently we’ve received a few questions on how smaller organizations can help to offset some of the costs related to CMMC compliance. There are three (3) typical paths for small organizations to obtain financial assistance regarding CMMC activities. We…
The post CMMC Small Business Funding Roundup appeared first on TrustedSec.
In the age of threat hunting, automated mass scanning, and the occasionally curious SOC, properly securing your command and control (C2) infrastructure is key to any engagement. While many setups today include a CDN Domain Front with a custom Nginx or Apache ruleset sprinkled on top, I wanted to share my recipe for success. Fully…
The post Front, Validate, and Redirect appeared first on TrustedSec.
We’ve all been there: you’ve completed your initial recon, sent in your emails to gather those leaked HTTP headers, spent an age configuring your malleable profile to be just right, set up your CDNs, and spun up your redirectors. Then it’s time, you send in your email aaaaaand…nothing. You can see from your DNS diagnostic…
The post Tailoring Cobalt Strike on Target appeared first on TrustedSec.
A security researcher (Joel Noguera @niemand_sec) discovered a ‘critical’ misconfiguration bug in Spring Data’s Application Level Profile Semantics (ALPS). This bug allows unauthenticated users to perform an Application Programming Interface (API) request, which responds with sensitive user data that can be utilized, manipulated, or even deleted. What is ALPS? “ALPS [is] a data format for defining…
The post What Spring Data can teach us about API misconfiguration appeared first on TrustedSec.
Continue reading What Spring Data can teach us about API misconfiguration
I’m sure everyone is already using Masscan and I’m the last one to jump on the bandwagon. Honestly, I don’t know how I got anything done before finding this tool. If you’re not aware, Masscan is an asynchronous, TCP network port scanner. It’s an incredibly fast tool that can be used to quickly identify live…
The post Get to Hacking MASSively Faster – The Release of SpooNMAP appeared first on TrustedSec.
Continue reading Get to Hacking MASSively Faster – The Release of SpooNMAP
In the wake of recent revelations regarding a supply chain compromise of the SolarWinds Orion platform by a nation-state actor, and subsequent targeting of private sector and government organizations by said actor, the TrustedSec Incident Response team is releasing the following summary and guidance. This guidance reflects information from industry counterparts as well as recommendations…
The post SolarWinds Orion and UNC2452 – Summary and Recommendations appeared first on TrustedSec.
Continue reading SolarWinds Orion and UNC2452 – Summary and Recommendations