Carlos Perez (darkoperator) joins the TrustedSec team!

February 19, 2018 | By:

TrustedSec is proud to announce the hiring of Carlos Perez (@Carlos_Perez) to run the Research and Development team. At TrustedSec, we continue to expand our tooling, capabilities, and talent within the organization. With the addition to Carlos coming aboard, we continue to hire specialized, passionate, and highly skilled people. Carlos has been a friend for…

Hide Yo Servers, Hide Yo Data . . .

February 14, 2018 | By:

Companies spend millions of dollars to protect their data in the forms of firewalls, antiviruses, spam filters, web content filters, multi-factor authentication, and so on. But what about physical security? Most companies will have a badge system to grant employees access to the facility. Main entrances will have a receptionist or sometimes a security guard…

How to Choose a PCI QSA

February 12, 2018 | By:

As of writing this article, there are currently 378 PCI QSA Companies worldwide that are certified by the PCI Council. That is quite a selection to narrow your choices. So what do you look for in good qualities to partner with? What attributes do you form that basis on? Throughout this blog, we are going…

New PCI Controls and What You Should Know

February 07, 2018 | By:

It is finally here: the forward-dated controls that have been in existence since the release of version 3.2 of the PCI Data Security Standard, from April 2016. Hopefully, by now, you have had a chance to review them, but if you haven’t we are going to take a deep dive on each of the new…

Public Release of Hate_Crack – Automated Hash Cracking Techniques with HashCat

February 01, 2018 | By:

Today we are releasing hate_crack to unleash the power of hashcat to the community. Unless you’re deeply into hash cracking, you most likely aren’t aware of the several different attack modes built into hashcat, such as: Mask Attack Fingerprint Attack Combinator Attack Hybrid Attack Martin Bos covered several of these attacks in a previous post,…

Welcome to 2018! A Meltdown and Spectre Run-Through

January 06, 2018 | By:

Welcome to 2018! It’s only been a few days into the new year and we already have newly named bugs, thanks to the Google Project Zero, Cyberus Technology, and the Graz University of Technology. Jann Horn, Werner Haas, Thomas Prescher, Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz…

More Complex Intruder Attacks with Burp!

December 21, 2017 | By:

Recently I was performing an external penetration test, and there was not a lot of attack surface but there was a firewall device present with one of those browser based SSL VPN services. Without a lot to go on other than some usernames gathered from LinkedIn, this seemed like a door worth trying to force….


November 28, 2017 | By:

This blog post isn’t directly information security related per se, but is technical in nature, so it should appeal to the geek in most of us. When Dave posted pictures of the gear being used to stream the Track talks within the Hyatt at DerbyCon this year, there was a fair amount of interest in…

Full Disclosure: Authenticated Command Execution Vulnerability in pfSense <= 2.3.1_1 (pfSense-SA-16_08.webgui)

November 17, 2017 | By:

On 05/19/2016 Scott White of TrustedSec discovered an authenticated command injection vulnerability in pfSense. It was responsibly disclosed to pfSense ( on 06/08/2016 and promptly fixed by the pfSense development team. TrustedSec wants to thank the pfSense team for the impressive response time and for providing a great open source project. Although the vulnerability was…

Character Assassination: Fun and Games with Unicode

November 14, 2017 | By:

Why this subject? I love Unicode, and I even adopted a character (I’ll let you guess which one). Lots of research has been done on Unicode security issues, but not many people talk about it. Unicode was created to provide an expandable character set to encompass more languages than the standard Latin alphabet can express….