Collaborate Disseminate
Introduction So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Script Kiddies,” we described Windows Management Instrumentation (WMI). We detailed…
The post WMI Providers for Script Kiddies appeared first on TrustedSec.
Today’s threat landscape is constantly evolving. Threat actors and tactics are becoming more determined and advanced. In this video for Help Net Security, Jaspal Sawhney, Global CISO at Tata Communications, talks about future proofing, which starts wit… Continue reading Future proofing: How companies can upgrade cyber defenses and be ready for tomorrow
If there’s something weird in your Network Neighborhood, who you gonna call? If you want your WiFi troubles diagnosed in style, try calling [Travis Kaun] — he might just show …read more Continue reading Track Down Ghosts in Your WiFi With the Pwnton Pack
A brief list of useful things we wish we had known sooner Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many users may not stray far from the staples they know. However, after years…
The post Intro to Web App Security Testing: Burp Suite Tips & Tricks appeared first on TrustedSec.
Continue reading Intro to Web App Security Testing: Burp Suite Tips & Tricks
This past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film release, my nostalgia was hitting a fever pitch. Shortly after our Christmas dinner,…
The post Pwnton Pack: An Unlicensed 802.11 Particle Accelerator appeared first on TrustedSec.
Continue reading Pwnton Pack: An Unlicensed 802.11 Particle Accelerator
1 Introduction What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…
The post Splunk SPL Queries for Detecting gMSA Attacks appeared first on TrustedSec.
Continue reading Splunk SPL Queries for Detecting gMSA Attacks
Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform. Cosmetic changes Kali Linux 2022.2 comes with: A new version of the GNOME desktop environment, for “a more po… Continue reading Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!
As ransomware attacks continue to increase and cybercriminals are becoming more sophisticated, the federal government has implemented a more proactive approach when it comes to cybersecurity. As evidenced by its stated strategy to adopt a zero trust ar… Continue reading An offensive mindset is crucial for effective cyber defense
I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed…
The post Diving into pre-created computer accounts appeared first on TrustedSec.
I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed…
The post Diving into pre-created computer accounts appeared first on TrustedSec.