Looting iOS App’s Cache.db

Insecure By Default: Mobile application assessments diverge somewhat from normal web application assessments as there is an installed client application on a local device to go along with the backend server. Mobile applications can often work offline, and thus have a local store of data. This is commonly in the form of SQLite databases stored…

The post Looting iOS App’s Cache.db appeared first on TrustedSec.

The Art of Bypassing Kerberoast Detections with Orpheus

Back in May of 2018, I wrote a blog post detailing the steps I took to detect Kerberoast (T1558.003) attacks. This research allowed us to help organizations build a detection for when a threat actor requests the Kerberos ticket for accounts with a service principal name established. In this blog post, I am going to…

Windows Processes, Nefarious Anomalies, and You: Threads

In part 1 of this blog mini-series, we looked at memory regions and analyzed them to find some potential malicious behavior. In part 2, we will do the same thing with enumerating threads. Nobody explains it better than Microsoft—here is their explanation of what a thread is: “A thread is the basic unit to which…

Windows Processes, Nefarious Anomalies, and You: Memory Regions

While operating on a red team, the likelihood of an Endpoint Detection and Response (EDR) product being present on a host is much higher than it was a few years ago. When an implant is being initiated on a host, whether it’s on-disk or loaded into memory, there is a lot to consider. In…

How to Get the Most Out of Your Pentest

TL;DR: Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report will be. Select the right environment for the assessment. Consider the timing for performing the assessment. Communicate internally and make sure everyone is up to speed. Do…

LastPass in Memory Exposure

In this video, our Principal Research Analyst Scott Nusbaum goes over his research on the LastPass Password Manager. He discusses how the credentials are exposed in memory to an attacker who is present on the host and is able to access the browser process. He also goes over how LastPass could modify their extension to…

The Curious Case of the Password Database

Nowadays, password managers are king. We use password managers to secure our most sensitive credentials to a myriad of services and sites; a compromise of the password manager could prove devastating. Due to recently disclosed critical Common Vulnerabilities and Exposures (CVEs) involving ManageEngine’s Password Manager Pro software, a client came to us at TrustedSec, wondering:…

Dameware Mini: The Sleeper Hit of 2019?

SolarWinds! You hear the name and immediately think “solutions management” or big screens full of more network information than you can shake a stick at. SolarWinds has been on the scene since 1999, and their products and solutions can be found in networks worldwide. SolarWinds Dameware Mini Remote Control is one such offering. On the…

Set Up an Android Hacking Lab for $0

With the ever-increasing demand for mobile technology, it seems like there is an app to do just about anything you can think of, right on your cell phone. From banking to mobile gaming and even controlling the RGB lights installed in your home office, everything is interconnected now. With the rise of this functionality also…

Cisco Hackery: Configuration File Download

1.0 Intro: Prior to making a career change to offensive security, I spent over 15 years working for a Cisco partner designing and implementing enterprise and VoIP networks. During that time, I performed best practice assessments aimed at identifying misconfigurations that could lead to a network compromise. Today, I have taken that knowledge and used…
