Welcome to 2018! A Meltdown and Spectre Run-Through

January 06, 2018

Welcome to 2018! It has only been a few days into the new year and we already have newly named bugs, thanks to Google Project Zero, Cyberus Technology, and the Graz University of Technology. Jann Horn, Werner Haas, Thomas Prescher, Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz…


More Complex Intruder Attacks with Burp!

December 21, 2017

Recently I was performing an external penetration test, and there was not a lot of attack surface, but there was a firewall device present with one of those browser-based SSL VPN services. Without a lot to go on other than some usernames gathered from LinkedIn, this seemed like a door worth trying to force…


DerbyTV

November 28, 2017

This blog post isn’t directly information security related per se, but is technical in nature, so it should appeal to the geek in most of us. When Dave posted pictures of the gear being used to stream the Track talks within the Hyatt at DerbyCon this year, there was a fair amount of interest in…


Full Disclosure: Authenticated Command Execution Vulnerability in pfSense <= 2.3.1_1 (pfSense-SA-16_08.webgui)

November 17, 2017

On 05/19/2016 Scott White of TrustedSec discovered an authenticated command injection vulnerability in pfSense. It was responsibly disclosed to pfSense (security@pfsense.org) on 06/08/2016 and promptly fixed by the pfSense development team. TrustedSec wants to thank the pfSense team for the impressive response time and for providing a great open source project. Although the vulnerability was…


Character Assassination: Fun and Games with Unicode

November 14, 2017

Why this subject? I love Unicode, and I even adopted a character (I’ll let you guess which one). Lots of research has been done on Unicode security issues, but not many people talk about it. Unicode was created to provide an expandable character set to encompass more languages than the standard Latin alphabet can express…


TrevorC2 – Legitimate Covert C2 over Browser Emulation

October 27, 2017

TrustedSec is proud to announce the release of the TrevorC2 HTTP(S) command and control (C2) open source framework. TrevorC2 is a client/server model for masking command and control behind a normally browsable website. Detection becomes much harder because the beacon intervals vary and the client does not use POST requests for data exfiltration. There are two components…


A Different Take on Exam Prep: CISSP

September 29, 2017

I just passed the CISSP examination. I saw what many did to prepare for their exam, and I did something else. I needed something faster to arrive at passing results. First off, the CISSP is “Certified Information Systems Security Professional”. It is an advanced credential requiring not just a passing exam score, but also dedicated…


Full Disclosure: JitBit Helpdesk Authentication Bypass 0-Day

September 29, 2017

Summary: An authentication bypass issue was discovered in JitBit Help Desk Software v8.9.11 in October of 2016. This issue was reported to the vendor, and after several communications and numerous updated releases, the software is still vulnerable. JitBit Help Desk Software is a popular ticketing system which boasts some well-known clients. Details: It is possible…


Ruby ERB Template Injection

September 13, 2017

Written by Scott White & Geoff Walton

Templates are commonly used both client- and server-side in many of today’s web applications. Many template engines are available in several different programming languages. Some examples are Smarty, Mako, Jinja2, Jade, Velocity, FreeMarker, and Twig. Template injection is a type of injection attack that can have some particularly…
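The teaser above names the bug class but not the shape of it. The following is an added example (not code from the TrustedSec post) showing the common Ruby ERB mistake, building the template string from user input, beside the safe form where the template is fixed and the input is only data. The function names, the greeting template and the `7 * 7` probe are assumptions made for illustration.

```ruby
require 'erb'
require 'cgi'

# VULNERABLE: the template source is built by string interpolation, so any
# <%= ... %> tag inside `name` is compiled and executed as Ruby on the server.
def render_vulnerable(name)
  ERB.new("Hello, #{name}!").result(binding)
end

# SAFE: the template is a constant written by the developer; user input is
# passed in as a variable and HTML-escaped on output, never compiled.
GREETING_TEMPLATE = ERB.new("Hello, <%= CGI.escapeHTML(name) %>!")

def render_safe(name)
  GREETING_TEMPLATE.result_with_hash(name: name)
end

# Detection probe (assumed payload): harmless arithmetic that only yields
# "49" if the input was evaluated by the template engine rather than echoed.
PROBE = "<%= 7 * 7 %>"

# Returns true when the given renderer evaluates the probe as template code.
def injectable?(renderer)
  renderer.call(PROBE).include?("49")
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{render_vulnerable(PROBE)}"   # Hello, 49!
  puts "safe:       #{render_safe(PROBE)}"         # Hello, &lt;%= 7 * 7 %&gt;!
end
```

The same arithmetic probe is the first thing to try against any parameter that is reflected into a rendered page; an engine that evaluates it will also evaluate `<%= \`id\` %>` or anything else the process can reach, which is why the fix is to stop treating input as template source rather than to filter tags.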


Using WinRM Through Meterpreter

September 07, 2017

Windows Remote Management (WinRM) is Microsoft’s implementation of the WS-Management (WSMan) protocol, which is used for exchanging management data between machines that support it. On Windows, WSMan sources this data from WMI and transmits it in the form of SOAP messages. Why is any of this important to you?…