The Curious Case of the Password Database

Nowadays, password managers are king. We use password managers to secure our most sensitive credentials to a myriad of services and sites; a compromise of the password manager could prove devastating. Due to recently disclosed critical Common Vulnerabilities and Exposures (CVEs) involving ManageEngine’s Password Manager Pro software, a client came to us at TrustedSec, wondering:…

The post The Curious Case of the Password Database appeared first on TrustedSec.


Dameware Mini: The Sleeper Hit of 2019?

SolarWinds! You hear the name and immediately think “solutions management” or big screens full of more network information than you can shake a stick at. SolarWinds has been on the scene since 1999, and their products and solutions can be found in networks worldwide. SolarWinds Dameware Mini Remote Control is one such offering. On the…


Set Up an Android Hacking Lab for $0

With the ever-increasing demand for mobile technology, it seems like there is an app to do just about anything you can think of, right on your cell phone. From banking to mobile gaming and even controlling the RGB lights installed in your home office, everything is interconnected now. With the rise of this functionality also…


Cisco Hackery: Configuration File Download

1.0 Intro

Prior to making a career change to offensive security, I spent over 15 years working for a Cisco partner designing and implementing enterprise and VoIP networks. During that time, I performed best practice assessments aimed at identifying misconfigurations that could lead to a network compromise. Today, I have taken that knowledge and used…


Common Conditional Access Misconfigurations and Bypasses in Azure

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses…


Working with data in JSON format

What is JSON?

JSON is an acronym for JavaScript Object Notation. For years it has been in use as a common serialization format for APIs across the web. It also has gained favor as a format for logging (particularly for use in structured logging). Now, it has become even more common for…


Risk management focus shifts from external to internal exposure

Coalfire released its fourth annual Securealities Penetration Risk Report, which analyzes enterprise and cloud service providers’ (CSPs) internal and external attack vectors, application development and mobile app security, social engineering and phishin…

Watch Out for UUIDs in Request Parameters

The Plugin: https://github.com/GeoffWalton/UUID-Watcher

Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which…


I Wanna Go Fast, Really Fast, like (Kerberos) FAST

1 Introduction

At TrustedSec, we weigh an information security program’s ability to defend against a single specified attack by measuring detection, deflection, and deterrence. Now, while a majority of my blog posts have concentrated on detection, this post is more ‘deterrence’ focused. I first heard about Kerberos FAST from Steve Syfuhs (@SteveSyfuhs) of Microsoft…
