Azure Application Proxy C2

With the ever-tightening defensive grip on techniques like domain fronting and detections becoming more effective at identifying common command and control (C2) traffic patterns, our ability to adapt to different egress methods is being tested. Of course, finding methods of pushing out C2 traffic can be a fun exercise during a Red Team engagement. A…

The post Azure Application Proxy C2 appeared first on TrustedSec.

More Options for Response Modification - With ResponseTinker

As the web application footprint migrates client-side, tools to thoroughly analyze and test client behavior are becoming increasingly important. Burp Suite has made some great strides in this direction with their browser-based enhancements to crawling and scanning, but when it comes time to really dig into the particulars for research, we are still very much…

Front, Validate, and Redirect

In the age of threat hunting, automated mass scanning, and the occasionally curious SOC, properly securing your command and control (C2) infrastructure is key to any engagement. While many setups today include a CDN Domain Front with a custom Nginx or Apache ruleset sprinkled on top, I wanted to share my recipe for success. Fully…

Tailoring Cobalt Strike on Target

We’ve all been there: you’ve completed your initial recon, sent in your emails to gather those leaked HTTP headers, spent an age configuring your malleable profile to be just right, set up your CDNs, and spun up your redirectors. Then it’s time, you send in your email aaaaaand…nothing. You can see from your DNS diagnostic…

What Spring Data can teach us about API misconfiguration

A security researcher (Joel Noguera @niemand_sec) discovered a ‘critical’ misconfiguration bug in Spring Data’s Application Level Profile Semantics (ALPS). This bug allows unauthenticated users to perform an Application Programming Interface (API) request, which responds with sensitive user data that can be utilized, manipulated, or even deleted. What is ALPS? “ALPS [is] a data format for defining…

Get to Hacking MASSively Faster – The Release of SpooNMAP

I’m sure everyone is already using Masscan and I’m the last one to jump on the bandwagon. Honestly, I don’t know how I got anything done before finding this tool. If you’re not aware, Masscan is an asynchronous, TCP network port scanner. It’s an incredibly fast tool that can be used to quickly identify live…

SolarWinds Backdoor (Sunburst) Incident Response Playbook

Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka Sunburst). The TrustedSec Incident Response team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the backdoor. This…

4 Free Easy Wins That Make Red Teams Harder

In this post, I will cover some easy things that defenders can do to make it harder for attackers to succeed. As you all know, there is never a silver bullet when it comes to security, so these tips will only make it harder for attackers by focusing on the basics, and sometimes, that helps…

An Update On Non-Aggressive Reporting

Reporting is an essential piece of the penetration testing puzzle. It’s the product your client will be reviewing within their organization, representing you and your company to those you may not have worked with directly. With that in mind, it’s important that your product, the report, strikes a balance between professional tone and cold facts….

The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1

They say, “Everything old is new again.” Or, if you are a Game of Thrones fan, “What is dead may never die.” For me, however, a mentor once told me, “Everyone is going forward. I’m going backward.” Enter NetSync… I find Twitter to be a good source for InfoSec tactics, techniques, and procedures (TTPs). Anytime…
