Category Archives: Security Program Management

Why Risk Assessments are Essential for Information Security Maturity

Posted on by

Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk Assessment results. Organizations without any compliance obligations will still benefit from Risk Assessment as they are a key tool for efficiently increasing Information Security maturity and, more importantly, aligning Information Security with business needs and constraints. This…

The post Why Risk Assessments are Essential for Information Security Maturity appeared first on TrustedSec.

Continue reading Why Risk Assessments are Essential for Information Security Maturity

The First Steps on the Zero Trust Journey

Posted on by

One of the most discussed concepts in the Information Security world in recent history has been Zero Trust. Although many vendors claim to have products for implementing Zero Trust, an organization must not view them as an instant solution to achieving Zero Trust. Zero Trust should be viewed as a philosophy comprised of many controls…

The post The First Steps on the Zero Trust Journey appeared first on TrustedSec.

Continue reading The First Steps on the Zero Trust Journey

Building a Strong Foundation With the Information Security Accelerator

Posted on by

Bottom Line Up Front Common threats like malware, ransomware, web application hacking, insider and privilege misuse, and targeted intrusions don’t have to spell disaster. Mid-market companies and small-to-medium businesses (SMBs) can cut through the confusion of how to build a solid security program. Our Information Security Accelerator service is designed to help your organization chart…

The post Building a Strong Foundation With the Information Security Accelerator appeared first on TrustedSec.

Continue reading Building a Strong Foundation With the Information Security Accelerator

The Crucial Role of Data Center Resiliency in Business Security

Posted on by

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

The post The Crucial Role of Data Center Resiliency in Business Security appeared first on TrustedSec.

Continue reading The Crucial Role of Data Center Resiliency in Business Security

Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

Posted on by

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this may already be cringing or yelling at your screen that this question on its own shouldn’t have a simple answer with little actionable value. However, when…

The post Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience appeared first on TrustedSec.

Continue reading Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

Recovering Randomly Generated Passwords

Posted on by

TL;DR – Use the following hashcat mask files when attempting to crack randomly generated passwords. 8 Character Passwords masks_8.hcmask 9 Character Passwords masks_9.hcmask 10 Character Passwords masks_10.hcmask When testing a client’s security posture, TrustedSec will sometimes conduct a password audit. This involves attempting to recover the plaintext password by extracting and cracking the NTLM hashes…

The post Recovering Randomly Generated Passwords appeared first on TrustedSec.

Continue reading Recovering Randomly Generated Passwords

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

Posted on by

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three…

The post Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC appeared first on TrustedSec.

Continue reading Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

Real or Fake? How to Spoof Email

Posted on by

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…

The post Real or Fake? How to Spoof Email appeared first on TrustedSec.

Continue reading Real or Fake? How to Spoof Email

Creating a Malicious Azure AD OAuth2 Application

Posted on by

THIS POST WAS WRITTEN BY @NYXGEEK I decided to write this blog because I’ve seen a lot of articles mentioning that attackers will use a malicious OAuth web app with Azure AD, but I hadn’t actually seen much in the way of good examples of doing so. I’m sure I will find a dozen fantastic examples…

The post Creating a Malicious Azure AD OAuth2 Application appeared first on TrustedSec.

Continue reading Creating a Malicious Azure AD OAuth2 Application

Update: The Defensive Security Strategy

Posted on by

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

The post Update: The Defensive Security Strategy appeared first on TrustedSec.

Continue reading Update: The Defensive Security Strategy