Thycotic Secret Server: Offline Decryption Methodology

On offensive engagements, we frequently encounter centralized internal password managers that are used by various departments to store incredibly sensitive account information, such as Domain Admin accounts, API keys, credit card data, the works. It used to be that these systems were implemented without multi-factor authentication. “Hacking” them was as simple as finding somebody that…

The post Thycotic Secret Server: Offline Decryption Methodology appeared first on TrustedSec.

8 Keys to Writing Safer Code

All too often, security in code is an afterthought. There’s a reason that bug bounties are so prevalent; as codebases get larger, testing gets harder. Add in the time constraints of a “move fast and break things” mentality and it’s no wonder so many security issues arise. The basics might be there, encrypted connections, hashed…

Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video is…

Let TrustedSec Be Your Guide

Are you having trouble remediating your penetration test findings? It might be time to get some help from TrustedSec. After TrustedSec consultants complete security assessments, clients will often ask us to re-test the specific findings from the last test. But in many instances, those same problems exist—sometimes they are exactly the same, but other times,…

Using Effectiveness Assessments to Identify Quick Wins

An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration…

Workflow Improvements for Pentesters

As penetration testers, we are always on the lookout for quality of life improvements. Whether it’s scripting, automating some mundane process, or trying to conquer that all-important client report, it is in our very nature to constantly strive to make things better. One way to advance your art as a pentester is through workflow improvements….

Abusing Windows Telemetry for Persistence

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10. As of this posting, this persistence technique requires local admin rights to install…

20 Tips for Certification Success

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by…

Introducing Proxy Helper – A New WiFi Pineapple Module

I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application…

Want Better Alerting? Consider Your Business Processes

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing: During program assessments, we find that a lot of clients are generating so many alerts that they…
