TrustedSec

<p>When it comes to targeting enterprise deployment infrastructure during a Red Team engagement, SCCM (System Center Configuration Manager) tends to get all the love. There’s a lot of research, tradecraft and blog post…</p>

<p>How does one Purple Team? TAC Practice Lead Megan Nilsen shares open-source tools, techniques, and tips for security practitioners exploring Purple Teaming, along with advice to boost offensive and defensive skills.</p>

<p>1.1 IntroductionHere at TrustedSec, one of the goals of the Tactical Awareness &amp; Countermeasures (TAC) team is to assess and enhance our partners' security posture. Every organization benefits from improving and…</p>

<p>OverviewIn web and mobile applications, we’ve been fortunate over the years to have such widespread use of HTTPS by way of TLS. The proliferation of HTTPS is in no small part due to Let’s Encrypt, which provides free…</p>

<p>In my experience, most organizations are prepared to discuss the scope of penetration tests when preparing for an External or Internal Penetration Test, but when it comes time to discuss specifics about a web…</p>

<p>Most security teams understand the importance of log collection and building detections to provide early indicators of anomalous or potentially malicious activity. However, what is often forgotten is testing the…</p>

<p>How far should you let penetration testers go once they have a finding or foothold on a penetration test of your organization?As far as they can!The goal is to help improve your organization’s security posture. The more…</p>

<p>I'm still pretty new to hardware hacking and find myself going through a lot of media (both text and moving pictures) about various techniques to interact with IoT devices and hardware in general. One of the tasks for a…</p>

<p>TrustedSec has achieved CREST Certification for penetration testing, a globally recognized standard that verifies an organization's ability to conduct high-quality, rigorous, and ethical cybersecurity services.</p>

<p>In the first section of this multi-part practical guide, I’ll introduce you to Kubernetes (K8s) from a penetration testing perspective, including basic information, vocabulary, and how to identify and explore Kubernetes…</p>

<p>U.S. government contractors need to start preparing for a proposed new government-wide Controlled Unclassified Information (CUI) protection requirement.</p>

<p>1.1      IntroductionAgents and Large Language Models (LLMs) offer a powerful combination for driving automation. In this post, we’ll explore how to implement a straightforward agent that leverages the capabilities of…</p>

<p>Tips for what you can do in advance of an API Security Assessment to help us avoid delays and ensure the process runs smoothly and benefits everyone.</p>

<p>The Payment Card Industry Data Security Standard (PCI DSS) applies to and has specific requirements for retention of Account Data. In general, organizations must retain as little Account Data as they can for as short a…</p>

<p>Play We’re excited to share some big news: Trimarc Security is now fully operating under TrustedSec! This marks a significant step forward in our mission to provide real-world security guidance to help our partners…</p>

<p>TL;DR - Azure app proxy pre-authentication set to Passthrough may unintentionally expose private network resources.Microsoft’s Azure app proxy allows for publishing on-premises applications to the public without opening…</p>

<p>TL;DR - Azure app proxy pre-authentication set to Passthrough may unintentionally expose private network resources.Microsoft’s Azure app proxy allows for publishing on-premises applications to the public without opening…</p>

<p>Some interesting things happen when you connect to a virtual private network (VPN). One that recently caught my interest is updates to the routing table. Normally, a non-administrative Windows user can’t modify the…</p>

<p>Adversary Simulations (“AdSim” or “Red Teams”) represent a serious commitment on the part of an organization. In the United States, AdSim engagements are typically not required by industry standards in the private…</p>

<p>Implementing requirements 6.4.3 and 11.6.1, or using a WAF to protect against script-based attacks, to meet PCI SSC's new eligibility criterion for SAQ A eCommerce merchants.</p>