Need to catch up on this summer's security news? Listen to the new #SecurityNoise episode now to find out what you may have missed! This week, Geoff, FullMetalHackIT and Dave Kennedy discuss the latest InfoSec buzz. Listen wherever you get your podcasts! trustedsec.com/resources/podc…

Stop! Put down the pen. In our new blog, Chris Camejo dives deep into HIPAA's definition of "Business Associate" so you can determine if your signature is required on that BAA. Read the next installment in the HIPAA blog series now! trustedsec.com/blog/hipaa-bus…

The next version of MacroPack is going to be huge! A new GUI, updated EDR bypass profiles, new evasion options, and many other things :) #redteam

Want another reason to be excited for TEC 2025? Sean Metcalf will be presenting his talk, "Entra the Dragon: Roles, Permissions, and Conditional Access, Oh My!". It'll take place on October 1 at 10:30AM CDT. Don't miss it! events.bizzabo.com/TheExpertsConf…

Damn straight

For those who know Freqout, he's an amazing man and an OG hacker-from Boston to New Hack City. His family has experienced unimaginable tragedy recently, and this is to help with their hospital and funeral expenses. Give or share! gofundme.com/f/supporting-t…

Be sure to catch @techBrandon's talk on October 1 at 3:00PM CDT if you're going to TEC 2025! He'll be giving his talk, "Abusing Holes in Conditional Access". Check it out! events.bizzabo.com/TheExpertsConf…

Running GCP in your environment and need an expert cloud penetration test performed? Maybe you want to see how threat actors are enumerating your users for phishing campaigns? Come hit me up! #GCP #CloudSecurity

Stolen, but I don’t give a fuck

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…

Hey GrrCON! Get ready for Adam Compton (@[email protected]) 🤩 He’ll be presenting his talk, "An Old Hillbilly’s Guide to BASH for Pentests: Automating, Logging, and Covering Your Butt," on October 3 at 1:00PM. You won't want to miss it! grrcon.com

Looks like Fireprox might have a sibling now

Now that’s a caddy

As it turns out AWS not only made changes to their TOS, they are actively enforcing them. Thus, the current public release of TeamFiltration has been rendered more or less useless for enum and spraying EntraId tenants.

Our very own alex hamerstone is joining a panel discussion to share tips on protecting your business from cyber threats. This event will cover national and international threats targeting small businesses. Register now! docs.google.com/forms/d/e/1FAI…

Join Darkoperator | 🇺🇦 for our next webinar on October 15 at 1:00PM. We'll draw from recent, anonymized investigations to expose the most devastating failure patterns our Incident Response team has encountered in the field. Secure your spot now! trustedsec.zoom.us/webinar/regist…

Almost time for GrrCON! Don't miss Adam Compton (@[email protected])'s talk, happening this Friday at 1:00PM. Plus, be sure to swing by our booth and say hello if you'll be there! grrcon.com

What happens when the User-Account-Restrictions property gets misconfigured? Spoiler: It's not good. From account compromise to full domain takeover, Garrett breaks down why this permission set is more dangerous than most realize. ghst.ly/4mKgycH

Adam Compton (@[email protected]) dropping it like it’s 🔥 sharing knowledge at GrrCon, and examples on how to automate for accuracy, logging, and efficiency with bash scripting. Excellent presentation given with true hillbilly grit.

Proud dad moment: 6 year old daughter trying to guess my PS5 pin while waiting for me to come login so she could play a 2 player game.