Securing a Remote Workforce: Top Five Things to Focus on For Everyone

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of a castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

The post Securing a Remote Workforce: Top Five Things to Focus on For Everyone appeared first on TrustedSec.

Upgrade Your Workflow, Part 2: Building Phishing Checklists

Continuing on the idea of creating checklists (see previous blog about OSINT checklists), I wanted to share my personal phishing checklist. This list is what I use to make sure I have covered all my bases before firing the email. Some of these items may or may not be used, depending on your pretext. TLDR:…

Upgrade Your Workflow, Part 1: Building OSINT Checklists

With so many new cool techniques and tools being released every day, I’ve caught myself going down rabbit holes or chasing false leads during engagements. Sometimes I’ll get so bogged down with tunnel-vision that I make OpSec mistakes or delay an entire testing objective. At best, this could result in my attacks being discovered, resulting…

Intro to Macros and VBA for Script Kiddies

Introduction: Why can’t I pwn my friends anymore? It seems like all my Metasploit magic is getting caught—even my modified, secret-sauce payloads. DEP. ASLR. EDRs. Sandboxes. Whitelists. It’s no fun anymore! So, you thought you were a 1337 h4x0r? You thought you had mad ‘sploit-writing, shell-popping skillz? First, you learned Python (so easy), then C…

Weak in, Weak out: Keeping Password Lists Current

THIS POST WAS WRITTEN BY @NYXGEEK. When performing brute-force attacks, it’s our first instinct to go to the current season and year, i.e., Winter20, Winter2020. But it’s important to keep in mind that many organizations use a 90-day password change window, and 90 days can be a deceptively long time. For instance, as of today, February…

Achieving Passive User Enumeration with OneDrive

This post was written by @nyxgeek. Microsoft recently fixed a beloved user enumeration vulnerability in Office 365 that I routinely used to gain valid credentials for the last couple of years (https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/). Microsoft still hasn’t changed its official stance on user-enumeration-as-a-bug (they say it’s NOT a problem), and the company opted to fix this latest…

Why We Are Launching the TrustedSec Sysmon Community Guide

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…

SIGINT to Synthesis

Not too long ago, I was at a hardware store and I came across some lights that I wanted to play with because I had a feeling they could be fun for Halloween and make for a decent blog post. Before I purchased the lights, I looked at their online manual and checked to see…

Finding a Privilege Escalation in the Intel Trusted Connect Service Client

In this post, we will cover a privilege escalation that I found in the Intel Trusted Connect Service Client. The Connect Service Client is part of Intel Management Engine Components and is designed to permit a non-privileged user to become system. After communicating with Intel about the vulnerability, it was discovered that this was already…

NetScaler Honeypot

The Citrix NetScaler remote code execution vulnerability (CVE-2019-19781) has been a pretty popular topic over the last few weeks. Once public exploits of the vulnerability started to appear in the wild, TrustedSec deployed a Citrix NetScaler honeypot. We did not have to wait long for the attacks to begin. Less than 24 hours after deployment,…
