TrustedSec

<p>Password reuse is common in Active Directory (AD). From an attacker’s perspective, it is a reliable path to lateral movement or privilege escalation. Most IT teams recognize the risk, but longer passwords and password…</p>

<p>The TrustedSec PMA is a tactical approach to evaluating the components, efficiency, and overall maturity of an organization’s Information Security program.Unlike a traditional compliance audit, the PMA is designed as a…</p>

<p>Introducing a custom model for understanding privileged roles in Microsoft Entra ID, developed by TrustedSecWhenever our team conducts a Hardening Review of Microsoft Entra, 365, or Azure, we always emphasize protecting…</p>

<p>When it comes to reading (and editing) (and proofreading) technical documents, it's important to remember that the details are key, and can make all the difference. Not all readers of technical documents have technical…</p>

<p>Defense contractors are preparing their systems for the start of the upcoming CMMC rollout but what they may not have considered is how their relationship with Subcontractors and External Service Providers (ESPs),…</p>

<p>Discord Livestream In preparation for a talk, Jason Lang (@curi0usJack) and I were doing at MCTTP about mining TTPs from VX-underground, we both ended up doing research based on ideas we got from reading all the…</p>

<p>Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against all users and typically avoids account lockout since the…</p>

<p>Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services like Remote Registry and EFS. Learn how they can be activated with little to no code required.</p>

<p>Your Web Application Firewall (WAF) sees EVERYTHING. In this blog, we demonstrate how an attacker with access to Azure Front Door’s WAF and Log Analytics can potentially skim credentials from a site behind the WAF.</p>

<p>If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how E2EE fits—or doesn’t—into the PCI P2PE program.</p>

<p>In this blog, we explain how HIPAA’s Privacy, Security, Breach Notification, and Administrative Rules apply while clearing up common misunderstandings about who they cover.</p>

<p>Many teams working with health care providers receive requests to sign a Business Associate Agreement. In this blog, we break down HIPAA’s definition of a “Business Associate” to help you know if signing is necessary.</p>

<p>Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better understand whether HIPAA truly applies.</p>

<p>Windows Server Update Services (WSUS) is a trusted cornerstone of patch management in many environments, but its reliance on HTTP/HTTPS traffic makes it a prime target for attackers operating on the local network. By…</p>

<p>A major step on the CMMC rollout timeline was completed recently as the regulatory change that will create the CMMC contract clause made its way to the Office of Information and Regulatory Affairs (OIRA). This post…</p>

<p>Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against all users and typically avoids account lockout since the…</p>

<p>Many organizations don’t understand that not all health information is PHI and apply HIPAA more broadly than is required. This has implications for which organizations are considered Business Associates (because an…</p>

<p>Ransomware attackers frequently target backups and recovery systems to force victims into paying ransoms, making robust protection strategies essential for all organizations. This blog introduces the Defensive Backup…</p>

<p>It's that feeling of your nerves being stretched like sinew over mounting expectations and due dates. When your attention keeps an exhausted but stubborn focus on an ever-shifting goal because there is always one more…</p>

<p>Many DoD contractors are struggling to understand what requirements will apply to them once CMMC rolls out. CMMC defines three levels, but CMMC Level 2 may allow a self-assessment or may require a third-party…</p>