End-to-end Cybersecurity consulting team leading the industry, supporting organizations, and giving back.
#Hacktheplanet
Blogs, news, webinars, and tools!
We are excited to announce that TrustedSec is a Leader in the 2024
@Forrester
Wave™ for Cybersecurity Consulting Services! Find out why we were recognized by downloading the report now:
We have open-sourced our legal documentation used for physical penetration tests. The purpose is to help the community and organizations protect their employees when conducting testing. Includes three docs: MSA, SOW, and Authorization Letter. #TrustedSec
We have just released a new tool for exploiting CVE-2019-19781. Our goal was to keep it private as long as possible to allow a longer window to fix. Other researchers have published the exploit code in the wild already. Cat's out of the bag. #TrustedSec
We've just released a scanner that checks to see if a server is vulnerable to CVE-2019-19781. It does not actually exploit the target and is perfectly safe, with no impact on the system. #TrustedSec
PenTesters Framework (PTF) v2.3 “All the Tools” released. Adds 7 new tools, including an RDP scanner, support for internal GitLab, support for customized installs of only certain tools, and more. (Fixed link) #TrustedSec
Secret's out! @Carlos_Perez announces the release of the TrustedSec #Sysmon Community Guide. Discover the vision for making the guide and how you can contribute to making the best #resource for all things Sysmon!
The PenTesters Framework (PTF) version 2.2 “Tool Haven” released. Adds support for Docker containers, a number of new tools, and fixes. Total of 252 tools now! #TrustedSec
With initial access to an M365 account, Red Teamers can potentially find a treasure trove of sensitive information. @Flangvik goes over three tools (and one script) that he believes to be the modern-day Triforce for initial access. Read it now on our blog!
We are proud to announce the addition of @Carlos_Perez as lead of the Research and Development team at #TrustedSec. Excited to have you on board, Carlos! Great addition to our team, and our continued commitment to having amazing folks.
For almost a year, invisible password spraying could be performed against any #Azure tenant due to a vulnerability in #MicrosoftGraph. In our latest blog, @nyxgeek walks us through how these attacks could have been carried out. Read it now!
Senior Security Consultant @Jean_Maes_1994 gives us the first comprehensive resource about all things #relaying. This guide covers a range of techniques, from the most common to the lesser-known.
New version of the PenTesters Framework v2.3.1 “All the Tools” released. Adds pexpect checks for GitLab support and requirements installation. #TrustedSec
🚨URGENT🚨 Our #IncidentResponse team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the SolarWinds backdoor #solarigate.
@Flangvik shows how to fully abuse #Azure’s infrastructure services using a new #tool he’s calling AzureC2Relay. Find out how to start using it now to secure your command and control (C2) infrastructure.
Senior Security Consultant @Oddvarmoe gives us a look through the eyes of a #hacker using phishing by leveraging Azure Information Protection (AIP) in his latest #blog
Next Gen Phishing - Leveraging Azure Information Protection - TrustedSec
Our Targeted Operations team recently looked to improve their knowledge management strategy. @L1NKD34D provides a behind-the-scenes look at how Obsidian has been customized and evaluated as a solution. Bonus! It's available as an open-source resource.
Do you wish you had a step-by-step guide and #GitHub resources to deploy infrastructure automation across a #RedTeam infrastructure? @curi0usJack thought you might. His latest #blog, "Automating a RedELK Deployment Using Ansible", is a must-use resource❗
🚨NEW TOOL🚨 We’re excited to publicly release SpooNMAP today! Combining the strengths of a port scanner with IDS evasion techniques, this tool can greatly reduce the time needed to generate Full XML results.
New release: Magic Unicorn v3.0 - the largest code release in years for Unicorn. Adds custom shellcode and Cobalt Strike support for PowerShell, HTA, and Macro attacks, and much, much more. #TrustedSec
Our new #blog post by @mega_spl0it and @4ndr3W6S takes a deep dive into how Active Directory (AD) attribute-based detections can be built and how to identify where an adversary may be hiding. Read the first of this 3-part series now!
Principal Security Consultant @Oddvarmoe made an exciting discovery while using password-spraying tools in Microsoft Office 365 during a recent engagement. Read our latest #blog to find out how he went from error to entry!
New to security? We have a job for you! Our Associate Security Consultant role will provide training on cutting-edge research, technical-oriented skills, communication skills, and consulting, all in a positive and relaxed workforce environment. #apply
Senior Security Consultant @nyxgeek helps you hone your brute-force attacks against O365 and shows you how to extract valuable user lists and group memberships once you have credentials.
In response to the recent #Citrix ADC (NetScaler) CVE-2019-19781 Remote Code Execution vulnerability, the TrustedSec IR, offensive, and research teams provide files and locations that may contain evidence of a compromise.
In our new #blog post, Senior Security Consultant @n00py1 shows us why you don't need a drawer full of fancy tools to pivot through networks—just some Windows #OpenSSH magic. Read it now!
As #phishing becomes more and more difficult, @_xpn_ looks at one technique to ensure that a first payload execution attempt has as much of a chance to succeed as possible.
The new Cybersecurity Education Program @BedfordHS has officially taken off🚀 Take a peek inside our launch event last week and learn more about how this program will impact students!
Until @Oddvarmoe joined the #RedTeam, he had never worked with Cobalt Strike. Read how he (sometimes humorously) did things but learned to be a better Cobalt Strike operator in his journey, and you can too! #infosec
ᴡᴇʟᴄᴏᴍᴇ ʜᴏᴍᴇ
This past Friday we celebrated the opening of our new state-of-the-art global headquarters. This building belongs to the community and we can't wait to start hosting all of you.
Senior Security Consultant @oddvarmoe does a deep dive on how to find the specific anti-virus signature using manual testing and then shows techniques that can be used to bypass them, in the first blog post on our ✨spiffy✨ new website!
Consultant Christopher Paschen debuts what may be a new method of #persistence that takes advantage of the telemetry found in #Windows versions for the last decade.
Is #Mimikatz giving you away when changing users' passwords? @n00py1 is familiar with this scenario! Read "Manipulating User Passwords Without Mimikatz", where Rodriguez focuses on resetting passwords for lateral movement or privilege escalation. #blog
Azure cloud can be compromised even with Domain Admin status. Learn about the dangers of #Azure SSO machine account compromise in our new #blog by Security Consultant Edwin David. #CyberSecurity #PenetrationTesting
Ever wanted to exploit that Group Policy modify access you have? Get a crash course on practical #redteam GPO client-side extension abuse in this #security #blog from @curi0usJack.
Magic Unicorn 3.2.6 released. Adds obfuscation and evasion techniques for macro and HTA injection methods. Also adds better evasion in the PowerShell attack vector. #TrustedSec
In the first of this #blog series, @rootsecdev examines the weaponization of token theft. Follow along as he analyzes the behavior of attackers compromising Microsoft 365 users and devices using APT 29 (Midnight Blizzard) tradecraft.
Since day one, TrustedSec has been passionate about our purpose to make the world a safer place. We take our work seriously (without taking ourselves too seriously) and have strived to shape ourselves into something we’re proud of. Today we get to share our updated brand that speaks
New major release of Unicorn v3.2 - adds three new attack types with the new SettingContent-ms extensions. Supports MSF, Cobalt Strike, and custom shellcode with MSHTA downloader. #TrustedSec
Every network is different, but @jarsnah12 has noticed a common setting throughout many #RedTeam engagements that allows him to easily inject rogue DNS records for malicious intent. Read his #blog for a full demonstration!
Even for dedicated disciples of #Mimikatz, NetSync may be a feature most aren’t familiar with. Senior Security Consultant Andrew Schwartz delves into what it is, how it’s executed, what’s needed to perform the attack, and two possible attack paths.
The #Log4J vulnerability is as serious as it gets. To help organizations prevent, detect, and mitigate this vulnerability, we’ve put together actionable guidelines and recommendations for how to detect and respond. Updates added when available.
New Release: Magic Unicorn 3.5.1 - adds AMSI_BYPASS mode, which uses the technique described here: to disable AMSI as part of the payload in Unicorn. Also adds new features (print_decoded and more). #TrustedSec
New version of Magic Unicorn released, v3.6.1. Slims payload size down substantially, adds better encoding and obfuscation. Adds the ability to use HTA and Macro generation with custom shellcode. #TrustedSec
Our new "Learning Sysmon" YouTube series has officially launched! 🎉 Research Team Lead @Carlos_Perez will serve as your guide through these weekly training videos. Enjoy the first episode, "What is Sysmon?", now!
From building payloads and testing evasions to practicing offensive techniques, a must-have for every seasoned tester is a lab environment. @W9HAX walks us through how to deploy a dynamic AD lab environment for attack simulation. Read it now on our blog!
Find out how VBS works alongside driver signature enforcement to protect the Windows kernel, and how @_xpn_ went about bypassing this to load unsigned drivers.
Don’t get lost in an unknown network! @Carlos_Perez is breaking down the problem with enumeration of Active Directory (AD) in his latest #blog. From tester to defender, this is important for all #security professionals.
Exciting news! We just created a #TrustedSec public Slack for anyone to use and interact with the folks here. Come join our group! We will have frequent updates, code, discussions, and more. Come say hello to the #TrustedSec team and get to know us.
The PenTesters Framework v2.4.3 released.
* Adds Donut and Evil-WinRM
* New Ascii Art
* Fix for output log file
* Adds a --no-banner option when starting
* Adds the ability to specify a tool directly without the category name.
* Several minor bug fixes.
'Malware: Linux, Mac, Windows, Oh My!' Our latest post on how to hunt for adversaries on Linux by finding binaries that shouldn't be present, along with other ways to maintain access. #trustedsec
Today we are excited to finally launch our new Impede Detection Platform. Unleash the power of Impede and revolutionize the way your business handles detection engineering.
Magic Unicorn v3.4 released! Incorporates better evasion techniques, multiple bug fixes for macro and HTA methods, better handling of randomized variables, improved CS and shellcode checks, and much more. #TrustedSec
Unicorn v3.9 released.
* Incorporates an obfuscated @_RastaMouse bypass for AMSI.
* New evasion techniques for getting around detections.
* Splits payloads into different stages for AMSI bypass + Unicorn payload.
#TrustedSec
Happy Birthday, TrustedSec! 🎉 This month we celebrate our 11th anniversary! Thank you to our awesome team and amazing clients for helping us make the world a safer place.
Think you know WMI? Do you know how to write your own WMI provider? Senior Research Analyst Adam Todd is back to demonstrate how to create your own WMI provider for fun and profit.
IR Lead @SecShoggoth starts a 3-part #series, “Adventures of an RDP Honeypot”, with an introduction to remote desktop #security. He’ll detail ways to protect RDP installations and pitfalls when configuring these protections. #StayTuned for more!
Founder and CEO @HackingDave talks about what it means for TrustedSec to be named a Leader in The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024. Watch the full video on YouTube!
Download the full report here:
Research Practice Lead @Carlos_Perez has created #SysmonGuide video tutorials for our #Sysmon Community Guide! You can now go to our page or YouTube channel to enjoy these short video tutorials on different topics of this powerful tool. #infosec
Check out our latest post by @HackingDave, titled "Weaponizing .SettingContent-ms Extensions for Code Execution", based on awesome research from @enigma0x3 and @SpecterOps. You'll find out how to get code execution from obscure filetypes. #TrustedSec
🚨Critical vulnerability has been discovered in MOVEit Transfer, a widely used secure file transfer system. 🚨 The TrustedSec IR team has this technical analysis and post-exploitation investigation. No CVE/CVSS score available yet. Updates to follow.
In this guide from @GuhnooPlusLinux, you'll learn how the new #BOFLoader extension allows BOFs to be used from a #Meterpreter session. Discover new attacks made possible in Meterpreter and avoid common errors.
Our latest #blog post explores the combination of old and new techniques for attackers. In the first of a three-part series, Senior Research Analyst @freefirex2 walks us through programming #RPC calls into #BOFs.
TrustedSec Announces New Impede Detection Platform! Visit our website to learn more from TrustedSec Founder and CEO @HackingDave on how you can unleash the power of advanced detection engineering to enhance your organization's cybersecurity posture!
Limitations on guest user permissions in #MicrosoftEntra might not be as restrictive as they appear. In our latest #blog, @nyxgeek uncovers a method that enables guest accounts to access user and group data — a reminder to change your default settings.
Cobalt Strike 4.1 allows code to be run in a more #OPSEC-friendly manner. Senior Research Analyst Christopher Paschen outlines less obvious restrictions of Beacon Object Files and shares his #workflow to assist anyone tasked with writing in this format!
🚨 Critical #cybersecurity vulnerability 🚨 #Microsoft has taken action against an #Outlook vulnerability (CVE-2023-23397) that's been actively exploited for almost a year. Find out how it works and what you can do to mitigate the threat.
Former NSA hacker and founder of TrustedSec and Binary Defense, David Kennedy, speaks about the implications of the Uber hack and whether the company should have reported the data breach.
Learn how @jarsnah12 got past an engagement dead end using two underutilized #Mimikatz features in his #blog "Azure Account Hijacking using mimikatz's lsadump::setntlm".
What would it look like for an attacker to use a malicious #OAuth web app to attack Azure AD users? “Creating a Malicious Azure AD OAuth2 Application” breaks down how deploying a malicious web app isn’t overly complex and can be used in an attack. #blog