TrustedSec

<p>As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare scores and maturity ratings from version 1.1 to version 2.0?…</p>

<p>Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known vulnerability by targeting two headers used in some JWT setups.</p>

<p>Figure 1 - We take our work very seriously. Capturing Hashes with DragonHashChromium-based browsers have an odd feature set that allows extensive drag-and-drop capabilities in the browser. This feature is not only…</p>

<p>In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP).SetupBefore we can start vibe hacking, we need an MCP that will allow Claude to disassemble .NET…</p>

<p>Mobile devices are a must have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data. Common mobile device threat vectors include various attack…</p>

<p>Another year, another vuln…It's that time again.Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could password spray and remain undetected. Well, the Ghost of…</p>

<p>As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it takes to pull them off.</p>

<p>Penetration testing is not a commodity service. If you are a procurer of penetration tests and have ever received wildly different quotes for the "same" engagement, you've likely encountered this issue at some point.…</p>

<p>Session Management Testing - CookiesThe Cheat Sheet section is for quick reference and to make sure steps don’t get missed.The Learn section is for those who have never touched the topic before.The Implement section is…</p>

<p>When it comes to targeting enterprise deployment infrastructure during a Red Team engagement, SCCM (System Center Configuration Manager) tends to get all the love. There’s a lot of research, tradecraft and blog post…</p>

<p>How does one Purple Team? TAC Practice Lead Megan Nilsen shares open-source tools, techniques, and tips for security practitioners exploring Purple Teaming, along with advice to boost offensive and defensive skills.</p>

<p>1.1 IntroductionHere at TrustedSec, one of the goals of the Tactical Awareness &amp; Countermeasures (TAC) team is to assess and enhance our partners' security posture. Every organization benefits from improving and…</p>

<p>OverviewIn web and mobile applications, we’ve been fortunate over the years to have such widespread use of HTTPS by way of TLS. The proliferation of HTTPS is in no small part due to Let’s Encrypt, which provides free…</p>

<p>In my experience, most organizations are prepared to discuss the scope of penetration tests when preparing for an External or Internal Penetration Test, but when it comes time to discuss specifics about a web…</p>

<p>Most security teams understand the importance of log collection and building detections to provide early indicators of anomalous or potentially malicious activity. However, what is often forgotten is testing the…</p>

<p>How far should you let penetration testers go once they have a finding or foothold on a penetration test of your organization?As far as they can!The goal is to help improve your organization’s security posture. The more…</p>

<p>I'm still pretty new to hardware hacking and find myself going through a lot of media (both text and moving pictures) about various techniques to interact with IoT devices and hardware in general. One of the tasks for a…</p>

<p>TrustedSec has achieved CREST Certification for penetration testing, a globally recognized standard that verifies an organization's ability to conduct high-quality, rigorous, and ethical cybersecurity services.</p>

<p>In the first section of this multi-part practical guide, I’ll introduce you to Kubernetes (K8s) from a penetration testing perspective, including basic information, vocabulary, and how to identify and explore Kubernetes…</p>

<p>U.S. government contractors need to start preparing for a proposed new government-wide Controlled Unclassified Information (CUI) protection requirement.</p>