Collaborate Disseminate
TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management…
The post TrustedSec Okta Breach Recommendations appeared first on TrustedSec.
When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the…
The post CVE-2022-24696 – Glance by Mirametrix Privilege Escalation appeared first on TrustedSec.
Continue reading CVE-2022-24696 – Glance by Mirametrix Privilege Escalation
Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of…
The post Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene appeared first on TrustedSec.
Continue reading Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene
Introduction When doing an Internal Penetration Test, it is not uncommon to run BloodHound at one point or another. In case you are not familiar with BloodHound, it’s a tool that automatically fires off a bunch of LDAP queries and Windows API calls to collect various data in an Active Directory environment. Data can range…
The post Expanding the Hound: Introducing Plaintext Field to Compromised Accounts appeared first on TrustedSec.
Continue reading Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
There are two common reasons you may want to change a user’s password during a penetration test: You have their NT hash but not their plaintext password. Changing their password to a known plaintext value can allow you to access services in which Pass-the-Hash is not an option. You don’t have their NT hash or…
The post Manipulating User Passwords Without Mimikatz appeared first on TrustedSec.
Continue reading Manipulating User Passwords Without Mimikatz
Disclaimer: To set up a secure Python server, we need a domain name that we can access. 1. Introduction At some point during penetration testing, bug hunting, and capture the flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we…
The post Avoiding Mixed Content Errors with an HTTPS Python Server appeared first on TrustedSec.
Continue reading Avoiding Mixed Content Errors with an HTTPS Python Server
Technology changes and defenses get better, but some things stay the same—like human gullibility, which can be easily exploited through social engineering. What is social engineering? Social engineering, at its core, is taking advantage of human nature. Humans are innately trusting, often try to help, and want to avoid confrontation. A big facet of social…
The post Social Engineering Basics: How to Win Friends and Infiltrate Businesses appeared first on TrustedSec.
Continue reading Social Engineering Basics: How to Win Friends and Infiltrate Businesses
Using an OS binary to carry out our bidding has been a tactic employed by Red Teamers for years. This eventually led to us coining the term LOLBIN. This tactic is typically used as a way of flying under the radar of EDR solutions or to bypass application whitelisting by surrounding our code in the…
The post Object Overloading appeared first on TrustedSec.
For years now, Internal Penetration Testing teams have been successful in obtaining a foothold or even compromising entire domains through a technique called NTLM relaying. The earliest, most descriptive relaying blog post I could find dates all the way back to 2017 written by Marcello, better known as byt3bl33d3r:https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html At the time of writing this…
The post I’m bringing relaying back: A comprehensive guide on relaying anno 2022 appeared first on TrustedSec.
Continue reading I’m bringing relaying back: A comprehensive guide on relaying anno 2022
TL;DR – Use the following hashcat mask files when attempting to crack randomly generated passwords. 8 Character Passwords masks_8.hcmask 9 Character Passwords masks_9.hcmask 10 Character Passwords masks_10.hcmask When testing a client’s security posture, TrustedSec will sometimes conduct a password audit. This involves attempting to recover the plaintext password by extracting and cracking the NTLM hashes…
The post Recovering Randomly Generated Passwords appeared first on TrustedSec.