<p>In this article, I’ll walk you through the basics of Kerberos, how to use Titanis for the different parts, and how to mitigate some problems. Titanis Setup: I use Titanis tools throughout this article to demonstrate…</p>
<p>InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like the old rules no longer apply, and half the industry suddenly…</p>
<p>Play Roll for Initiative. Hack the Planet. Dungeons & Daemons is a cybersecurity RPG that drops you into the boots of a Red Team operator on a live engagement. Your mission: infiltrate a corporate facility,…</p>
<p>We put LLMs to the test—let's find out how good AI is at hacking! We walk through six simple challenges with intentionally naïve setups to test how capable each model is at single-step exploit validation.</p>
<p>I decided to spend some research time diving in depth into Identity and Access Management (IAM) within Microsoft Azure. I am going to show you within this blog how IAM permissions can be abused within an Azure…</p>
<p>From Data Sources to Detection: We've covered a lot of ground in this series: Windows Security events for logon tracking and process execution; PowerShell logging for script visibility; Sysmon for network…</p>
<p>If you do the same thing three times, automate it. Introducing Mobile Data Extractor, a Python tool that handles the repetitive work of mobile app data extraction so testers can focus on what matters.</p>
<p>The Problem Nobody Wants to Talk About: Let me paint a picture most security leaders will recognize. You have 30+ policies living as Word documents on SharePoint. Half of them have filenames like…</p>
<p>Filling the Gaps Native Logging Can't: At this point in our series, we have Windows Security events capturing logon sessions and process creation, and PowerShell logging capturing script execution. That's a…</p>
<p>Invisible password sprays. Invisible logins. Full tokens returned. Nyxgeek here. It's 2026 and I've got two more Azure Entra ID sign-in log bypasses to share with you. Don't get too excited…these bypasses…</p>
<p>When I started working in mobile application security in 2018, most testing was still largely manual. Since then, the ecosystem has exploded with scanners, frameworks, and automation platforms. With more tools…</p>
<p>A Windows shortcut (.lnk) seems very simple on the surface. It is a file that points somewhere and tells the system to open or execute a resource. A shortcut is relatively easy to overlook and can be spoofed to look…</p>
<p>The Second Most Important Data Source You're Probably Not Capturing: In Part 2, we enabled process creation logging with command lines. That's a big step forward. But here's the thing about PowerShell:…</p>
<p>The Audit Policies Nobody Configures: In Part 1, we looked at why relying on a single telemetry source is a recipe for blind spots. Now let's get practical. Windows has a rich set of security auditing capabilities…</p>
<p>The Uncomfortable Truth About Your Telemetry: Let me start with an observation that might hit close to home. In my years working Incident Response cases and running Tabletop Exercises, I've noticed a pattern that…</p>
<p>Notepad++ has been in the news recently for a breach of infrastructure associated with the Notepad++ updater. This attack may have allowed an adversary to deliver backdoored updates which could allow arbitrary code…</p>
<p>CMMC has been getting much of the Controlled Unclassified Information (CUI) attention lately due to the size of the defense industrial base, but General Services Administration (GSA) requirements for protecting CUI are…</p>
<p>Entra ID (formerly Azure AD) is the core service upon which Microsoft 365 applications rely for directory and authentication services. This makes Entra ID security a critical element for any organization that leverages…</p>
<p>The Cheat Sheet section is for quick reference. The Learn section is for those who have never touched the topic before. The Implement section is for more detailed descriptions of each Cheat Sheet…</p>
<p>MCP-ASD Burp extension has been submitted to the BApp Store and is awaiting approval. MCP OVERVIEW: MCP (Model Context Protocol) servers are becoming more common thanks to their ease of integration with AI systems such as…</p>