8 Keys to Writing Safer Code

All too often, security in code is an afterthought. There’s a reason that bug bounties are so prevalent; as codebases get larger, testing gets harder. Add in the time constraints of a “move fast and break things” mentality and it’s no wonder so many security issues arise. The basics might be there, encrypted connections, hashed…

The post 8 Keys to Writing Safer Code appeared first on TrustedSec.


MSBuild: A Profitable Sidekick!

This blog post highlights some good techniques to use when restricted to testing an up-to-date Windows system with low-level user privileges (no local admin) through a Remote Desktop Protocol (RDP) connection. The Situation: At the start of this engagement, I faced the common task of needing to escalate privileges after acquiring low-level access to a…


Workflow Improvements for Pentesters

As penetration testers, we are always on the lookout for quality of life improvements. Whether it’s scripting, automating some mundane process, or trying to conquer that all-important client report, it is in our very nature to constantly strive to make things better. One way to advance your art as a pentester is through workflow improvements….


Abusing Windows Telemetry for Persistence

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10. As of this posting, this persistence technique requires local admin rights to install…


Introducing Proxy Helper – A New WiFi Pineapple Module

I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application…


Practical OAuth Abuse for Offensive Operations – Part 1

Background: OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to…


Breaking Typical Windows Hardening Implementations

In this post, I will go over some hardening configurations that are typically set in Group Policy settings and ways to bypass them. It is important to remember that hardening configurations can be a whole series of different settings. For this post, I am showing only a few specific settings, meaning that if these were…


Generating SSH Config Files with Ansible

If you like to stand up infrastructure in the cloud using Ansible (like we do), one of the pain points can be getting the new instance IP addresses configured in an SSH config file for easy connecting. This used to be a manual process, but generating these files as part of your playbook is straightforward…


Wanted: Process Command Lines

As a Red teamer, the key to not getting detected is to blend in. That means that if I need to spawn a new process on a host, it is important that it looks legitimate with command line parameters that look correct. Many system binaries have a set of parameters when they are executed. This…


PentesterLab Pro Giveaway

We are excited to announce that we will be giving away 200 one-month subscriptions to PentesterLab Pro. During these challenging times, we hope that you will be able to use this learning resource to improve your web application testing skills. PentesterLab Pro is a leading industry tool designed to make learning web hacking easier. Using hands-on…
