- JS-Tap v3: Endpoint Post-Exploitation With JavaScript Implants
by Drew Kirkpatrick on June 12, 2026 at 4:00 am<p>When I first wrote JS-Tap, the goal was to provide red teamers with a generic JavaScript payload that works without prior knowledge of a web application and without an authenticated user running it. Instrument the…</p>
- Hardening Intune: The Implementation Guideby Carlos Perez on June 11, 2026 at 4:00 am
<p>Part 2: Step-by-Step Configuration for Every ControlThis is Part 2 of a two-part series on Intune security hardening. Part 1 covers the attacks we have seen against this types of platforms, why platform administration…</p>
- How to Train Your (Dragons) Analysts – A TrustedSec Guide to Picking the Perfect Purple Teamby Megan Nilsen on June 9, 2026 at 4:00 am
<p>Whether it be the advent of AI technologies, new Red-Team techniques and exploits, or new patches and emergent defensive technologies, it’s pretty clear to all of us operating within technology fields that the landscape…</p>
- The Privileged Roles Nobody Talks Aboutby Carlos Perez on June 4, 2026 at 4:00 am
<p>Part 1: Why Your MDM Platform is a Tier 0 AssetThis is Part 1 of a two-part series on Intune security hardening. This post covers what we have seen in real world attacks as well as attack paths our Pentest Team has…</p>
- CMMC Conditional Status – Contracting Without Complianceby Chris Camejo on June 2, 2026 at 4:00 am
<p>The CMMC rollout is progressing. Contracts that require a CMMC Level 2 (Self) self-assessment have been circulating since the start of Phase 1 in November 2025, and contracts that require CMMC Level 2 (C3PAO) audits…</p>
- PCI DSS, Telephone Payments, and the Problems With VoIPby Chris Camejo on May 26, 2026 at 4:00 am
<p>Turns out your VoIP system has some opinions about your PCI DSS compliance. Director of Advisory Services Chris Camejo breaks down who’s affected and how to reduce your compliance burden.</p>
- Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystemby Carlos Perez on May 21, 2026 at 4:00 am
<p>Same worm, different wave. In our new blog, Director of Security Intelligence Carlos Perez covers Shai-Hulud, how this supply-chain malware can eat your whole ecosystem, and what you can do to protect your data.</p>
- Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflowsby Brandon McGrath on May 19, 2026 at 4:00 am
<p>1.1 IntroductionRalph is a solid tool that makes agents do…more. It's defined as: an autonomous AI agent loop that runs repeatedly until all PRD items are complete. The purpose is for it to handle bigger plans and…</p>
- Finding Your Way on the Passkey Pathby Brandon Colley on May 14, 2026 at 4:00 am
<p>Ready to ditch passwords for good, but not sure where to start? Introducing Passkey Path, a choose-your-own-adventure guide to transitioning from passwords to passkeys, built for every role in your organization.</p>
- Slamming the Door on Quick Assist Tech Support Scams and Abuseby Thomas Millar on May 12, 2026 at 4:00 am
<p>Tech support scams are simple by design—just a trusted tool and a convincing story. We break down Microsoft Windows Quick Assist as an attack vector, detection strategies, and how to close the door for good.</p>
TrustedSec
We are an ethical website cyber security team and we perform security assessments to protect our clients.