A Diamond in the Ruff

This blog post was co-authored with Charlie Clark at Semperis.

1.1 Background of the ‘Diamond’ Attack

One day, while browsing YouTube, we came across an older presentation from Blackhat 2015 by Tal Be’ery and Michael Cherny. In their talk, and subsequent brief, WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING, they outlined something we…

The post A Diamond in the Ruff appeared first on TrustedSec.

Mind the gap: How to ensure your vulnerability detection methods are up to scratch

With global cyber crime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies’ biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations af…

Once is never enough: The need for continuous penetration testing

If you Google “How often should I do penetration testing?”, the first answer that pops up is “once a year.” Indeed, even industry-leading standards like PCI-DSS dictate that external penetration testing be conducted annually (or after significant chang…

WMI Providers for Script Kiddies

Introduction

So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Script Kiddies,” we described Windows Management Instrumentation (WMI). We detailed…

The post WMI Providers for Script Kiddies appeared first on TrustedSec.

Future proofing: How companies can upgrade cyber defenses and be ready for tomorrow

Today’s threat landscape is constantly evolving. Threat actors and tactics are becoming more determined and advanced. In this video for Help Net Security, Jaspal Sawhney, Global CISO at Tata Communications, talks about future proofing, which starts wit…

Intro to Web App Security Testing: Burp Suite Tips & Tricks

A brief list of useful things we wish we had known sooner

Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many users may not stray far from the staples they know. However, after years…

The post Intro to Web App Security Testing: Burp Suite Tips & Tricks appeared first on TrustedSec.

Pwnton Pack: An Unlicensed 802.11 Particle Accelerator

This past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film release, my nostalgia was hitting a fever pitch. Shortly after our Christmas dinner,…

The post Pwnton Pack: An Unlicensed 802.11 Particle Accelerator appeared first on TrustedSec.

Splunk SPL Queries for Detecting gMSA Attacks

1 Introduction

What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…

The post Splunk SPL Queries for Detecting gMSA Attacks appeared first on TrustedSec.

Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!

Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform.

Cosmetic changes

Kali Linux 2022.2 comes with: A new version of the GNOME desktop environment, for “a more po…