TrustedSec

<p>JSON Web Tokens (JWTs) are a widely used format for applications and APIs to pass authorization information. These tokens often use a JSON Web Signature (JWS) to verify that the data within the payload has not been…</p>

<p>Update November 12, 2024 - This vulnerability has been patched. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019This post was originally published on October 8, 2024. TL;DR - Using built-in default…</p>

<p>On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From here, I wanted to investigate Groovy, as it’s something I’ve…</p>

<p>Earlier this year, I gave a talk at Steelcon on .NET deserialization and how it can be used for Red Team ops. That talk focused on the theory of .NET deserialization, how to identify new vulnerabilities, and some…</p>

<p>Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic, innovative builds, but I wanted one that meets all of my…</p>

<p>IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can still abuse it to identify valid users with a classic…</p>

<p>Recap of Part&nbsp;1This is the second of a two-part series on Data Classification. The first part spoke to the fact that most security programs grow organically and in the wake of the growth of the business. This…</p>

<p>"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts."-Sir Arthur Conan Doyle, Sherlock Holmes, 18911.1     …</p>

<p>In our little niche corner of technology, it’s hard not to get excited about all the new command line interface (CLI) tools popping up all the time. I decided to make this blog post because recently, I had to get back…</p>

<p>TL;DRDefine the goal of an assessment.Take time to choose the right assessment type.The more detail you give about an asset, the better quality your report will be.Select the right environment for the…</p>

<p>We're back with another post about common malware techniques. This time we are talking about setting Windows hooks. This is a simple technique that can be used to log keystrokes or inject code into remote processes. We…</p>

<p>1    IntroductionWeb browsers are common targets for many different APTs. Tools like Redline Malware or penetration testing tools such as SharpChrome or SharpChromium steal sensitive data like cookies and saved login…</p>

<p>Lately I have been working with Velociraptor for its endpoint and digital forensic capabilities and specifically spent time in many cases in the past two years with Velociraptor Offline Collector functions to gather…</p>

<p>As an incident unfolds, skilled threat hunters with a special talent for uncovering hidden threats stand at the ready. These hunters smoke jump into the chaos and meticulously sift through network logs and endpoint…</p>

<p>IntroductionPhishing. We all love phishing. This post is about a new phishing technique based on some legacy knowledge I had that can be used to get past email filters and such. I would expect that after publication,…</p>

<p>Use of Targeted Risk Analysis (TRA) is a PCI best practice until March 31, 2025, at which time it becomes required for several controls across many assessment types. Unlike many other new controls, this applies as much…</p>

<p>1.1 IntroductionA hopefully rare scenario that gives red teamers a mini heart-attack is a sudden check-in from a new agent: admin on ALICE-PC.If a blue teamer has managed to get hold of a payload used on an engagement…</p>

<p>Figure 1: Every government contractor when they hear about CUI Contractors and subcontractors working for the US Federal Government (as well as some other unrelated organizations) may encounter contract clauses that…</p>

<p>There exist a few singular Registry changes that any non-privileged user can make that transform the Outlook email client into a beaconing C2 agent. Given that outlook.exe is a trusted process, this allows an attacker…</p>

<p>I want to applaud the PCI Security Standards Council (PCI SSC) for FAQ 1572 published in March of 2024 for simply and effectively answering a question asked by countless assessors for several years.The question is: Can…</p>