The First Steps on the Zero Trust Journey

One of the most discussed concepts in the Information Security world in recent history has been Zero Trust. Although many vendors claim to have products for implementing Zero Trust, an organization must not view them as an instant solution to achieving Zero Trust. Zero Trust should be viewed as a philosophy comprised of many controls…

The post The First Steps on the Zero Trust Journey appeared first on TrustedSec.

Continue reading The First Steps on the Zero Trust Journey

Recovering Randomly Generated Passwords

TL;DR – Use the following hashcat mask files when attempting to crack randomly generated passwords. 8 Character Passwords masks_8.hcmask 9 Character Passwords masks_9.hcmask 10 Character Passwords masks_10.hcmask When testing a client’s security posture, TrustedSec will sometimes conduct a password audit. This involves attempting to recover the plaintext password by extracting and cracking the NTLM hashes…

The post Recovering Randomly Generated Passwords appeared first on TrustedSec.

Continue reading Recovering Randomly Generated Passwords

Reducing Merchant Scope to Ease the Compliance Burden

Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI compliance. How can this be accomplished? Using either an end-to-end encryption (E2EE) or point-to-point encryption (P2PE) solution for each point-of-sale (POS) system eliminates some of the complex hoops that merchants are required…

The post Reducing Merchant Scope to Ease the Compliance Burden appeared first on TrustedSec.

Continue reading Reducing Merchant Scope to Ease the Compliance Burden

How I Retained My QSA Certification

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

The post How I Retained My QSA Certification appeared first on TrustedSec.

Continue reading How I Retained My QSA Certification

Why We Are Launching the TrustedSec Sysmon Community Guide

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…

The post Why We Are Launching the TrustedSec Sysmon Community Guide appeared first on TrustedSec.

Continue reading Why We Are Launching the TrustedSec Sysmon Community Guide