TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

Follow Us Down The Rabbit Hole The security summit for researchers / by researchers It’s time to declare your intent. December 18 • Tel Aviv Zappa MidTown, Derech Menachem Begin 144 REGISTER We have full house. Registration is closed. Researchers are coming…

Contribute to 3xp0rt/LockBit-Black-Builder development by creating an account on GitHub.

Huge thanks to Yaron Avital, Tyler Welton and Daniel Krivelevich for their contribution to this research. Intro As adoption of CI systems and processes becomes more prevalent, organizations opt for a CI/CD architecture which combines SaaS-based source control…

We recently discovered several vulnerabilities in OneDev 7.2.9 that allowed attackers to fully compromise a server and even break out of a Docker environment.

Well, it’s been a long time ago since our beloved JuicyPotato has been published. Meantime things changed and got fixed (backported also to Win10 1803/Server2016) leading to the glorious end …

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique - GitHub - D1rkMtr/FilelessRemotePE: Loading Fileless Remote PE...

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

Application security issues found by Assetnote

On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js "netlify-ipx" repository which would allow an attacker to achieve persistent cross-site noscripting...

Understanding the operation and limitations of Sysmon's first preventive mechanism: the FileBlockExecutable event.

We take a deep dive into Roshtyak, the DLL backdoor payload associated with Raspberry Robin. Roshtyak is full of anti-analysis tricks. Some are well-known, and some we have never seen before. From a technical perspective, the lengths Roshtyak takes to protect…

HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a

A string of recent attacks has made it clear that ‘classic’ ways of doing MFA are not sufficient. This guide provides instructions for setting up a MacBook Pro’s Touch ID fingerpr…

tl;dr You can now have Scout Suite scan not only your cloud environments, but your Kubernetes clusters. Just have your kubeconfig ready and run the following commands: $ pip3 install –user $ …

Last year, we (My researcher partner on this topic, Anil and me) and found a SQL injection vulnerability on a target at Synack which was…

μετάμάσκα - malevolent payload classifier. Contribute to dogancanbakir/metamaska development by creating an account on GitHub.