TrustedSec

PivotTables For InfoSec Dummies

Welcome to the exciting world of Excel spreadsheets! In our latest blog, Senior Security Consultant Philip DuBois provides guidance on how PivotTables can be used to dive deeper into data extracted from Nmap scans to help identify important information. Read it now!

trustedsec.com/blog/pivotta...

Starting a career in cybersecurity can be:
A. Exciting
B. Humbling
C. Overwhelming
D. All of the above

At TrustedSec, we believe that helping each other makes the world a more secure place & for our junior consultants, that knowledge sharing helped them jumpstart their careers. Watch now!

Find us on YouTube - http://www.youtube.com/@TrustedSecTV
Subscribe to Security Noise:
Spotify - https://open.spotify.com/show/7BvqdRhYrGXS0AZjofWVLb
Apple Podcasts - https://podcasts.apple.com/us/podcast/security-noise/id1428851782

Do you listen to our podcast? Don't worry, Security Noise is coming back soon 🎙️ We would love to hear from our avid listeners! Give us some feedback and be rewarded with virtual high fives and good vibes ⭐ Find us by searching "Security Noise" in your preferred podcast platform.

You have a few more days to enter our giveaway!

Let's Clone a Cloner - Part 3: Putting It All Together

In our new blog post, Senior Security Consultant Costa Petros unveils the final phase in his hardware hacking project. Wrapping up his long-range weaponized RFID reader build, he demos how he assembles the complete device and the results of his testing. Read it now!
trustedsec.com/blog/lets-cl...

Last chance to enroll for our training before the price goes up this Saturday! Come join us and get hands-on with real-world TTPs through threat hunting and detection engineering. See you there! https://www.blackhat.com/us-25/training/schedule/index.html#adversary-tactics-and-threat-hunting-44527

A big thank you to everyone who came out to our HQ last night for the July ISC2 Cleveland Chapter meeting! We appreciate all the engagement in the discussions as well hearing from our own Mike Owens. Just a heads-up: next month’s meeting will take place at a different location—more details to come!

Surely you must have questions about PCI DSS 😮‍💨 Join us for our next AMA to get answers from our compliance experts! Chris Camejo, Lee Quinton, & Art Cooper will help navigate this security standard. Register now! https://trustedsec.zoom.us/webinar/register/9417538165054/WN_XaznNarER8eyrQ2cr1cbHQ

Glad you liked it and thanks for joining us!

Couldn’t make it to our live Discord session with Senior Security Consultants Skyler Tuter and Kelsey Segrue? We’ve got you covered! The full replay is now available on our YouTube channel 👀 Check it out now!

#AI #phishing #Discord #pentest

https://www.youtube.com/watch?v=y8yfOPJOlZY

Sr Security Consultant Kevin Clark is pairing up with Skyler Knecht at DEF CON 33! You’ll have two chances to see their presentation, “Messenger - Proxies Here There and Everywhere,” on Fri and Sat. Check it out if you’re attending. https://defcon.org/html/defcon-33/dc-33-demolabs.html#content_60862

In celebration of our 13th birthday, we are giving away some swag to 13 lucky followers! To enter:
1. Follow us on Bluesky 🦋
2. Comment below with the name of your favorite hacker movie 🧑‍💻
We will draw the prizes at random next week! Deadline to enter is August 3, 2025 at 11:55pm. Good luck 🍀

Join us tomorrow for the ISC2 Cleveland Chapter meeting at our HQ! Our own Mike Owens will be presenting his talk on the four key steps to protect backups and ensure ransomware recovery. Registration now! https://www.eventbrite.com/e/isc2-cleveland-chapter-july-2025-meetup-tickets-1514201570659

Don’t miss Senior Security Consultant David Boyd at DEF CON 33! His talk, “The Human Vulnerability: Social Engineering in a Hyper-Connected World,” will be held on Saturday, August 9 at 11:30 AM. Be sure to check it out if you’re attending! defcon.org/html/defcon-...

You asked, we listened! From accessories to apparel, we’re excited to offer international shipping for all our merch 🌎 Shop now and wear your favorite gear! https://merch.trustedsec.com/trustedsec/shop/home

Going to DEFCON 33? Be sure to catch @two06.bsky.social’s talk, “Magnets, How Do They Work?” held on Friday, August 8 at 2:00PM. Catch his talk if you’ll be there! defcon.org/html/defcon-...

We're less than a week out from the next ISC2 Cleveland Chapter meeting at our HQ! SSC Mike Owens, will be presenting "I Will Survive: Protecting Backup and Recovery in the Age of Ransomware." Register now!
https://www.eventbrite.com/e/isc2-cleveland-chapter-july-2025-meetup-tickets-1514201570659

Live Discord AMA – Gone Phishing: AI in Pentesting YouTube video by TrustedSec

This will also be simulcasted on YouTube here: www.youtube.com/live/y8yfOPJ...

Join us tomorrow for a live Discord session at 11:00AM ET/10:00AM CT with SSC Skyler Tuter and Kelsey Segrue! Bring questions and get expert insights about using AI as a phishing tool in pentesting. Discord invite on our website! https://trustedsec.com/about-us/events/live-discord-ama-phishing-ai

Last chance to register for today's webinar! We'll discuss:
‼️ Why security effectiveness is important
📝 How to complete a security strategy
🔒 How protecting your data protects your assets
And more! Register now! https://trustedsec.zoom.us/webinar/register/4117520699996/WN_NNw5AcEgSlCoI2LOz-BP9A

Security 101: How to avoid being scammed online. Advisory Solutions Dir Alex Hamerstone spoke with WWL First News about the basics of staying safe online such as the importance of updating devices, using MFA, and more. His interview starts at 13:30. Listen now! www.audacy.com/podcast/wwl-...

We are hiring! TrustedSec is searching for a Cloud Pentester to join our Force-Cloud team. Learn more and apply today!

https://recruiting.paylocity.com/recruiting/jobs/Details/2732551/TrustedSec-LLC/Cloud-Pentester-Security-Consultant?source=Social%20Media

Sometimes, one weak link is all it takes. In our post, Sr Security Consultant Joe Sullivan explains why even minor findings can help highlight best practices, ensuring reports are actionable, to align with client needs. Read now!
https://trustedsec.com/blog/why-is-this-finding-on-my-pentest-report

YouTube video by TrustedSec SharePoint Under Fire: What Every IT Team Needs to Know About CVE-2025-53770

🚨If you're running SharePoint on-premises, you need to stop what you're doing and watch this video by Incident Response Practice Lead Carlos Perez. A critical vulnerability is being actively exploited right now, and it's hitting organizations hard. youtu.be/SYB5_pF6rC8

Why it's time for the US to go on offense in cyberspace In this op-ed, cybersecurity expert Dave Kennedy argues that the U.S. must pivot to offensive cyber operations in 2025.

With the recent $1 billion cyber initiative, we’re seeing a shift toward more robust offensive cyber operations in the US. Read this @cyberscoop.bsky.social op-ed by Founder and CEO David Kennedy to see why he thinks this means a serious effort to evolve our approach.

cyberscoop.com/us-offensive...

Ohio Auditor issues scathing assessment of Cleveland cybersecurity practices The Ohio Auditor of State sent a scathing assessment of the city's cybersecurity practices to Mayor Justin Bibb, the Cleveland City Council and the Audit Committee.

The Ohio Auditor of State issued a scathing report on Cleveland’s cybersecurity, citing failures like not implementing basic controls such as MFA. Advisory Solutions Director Alex Hamerstone told News 5 Cleveland that municipalities must take responsibility for securing their systems and data.

Senior Security Consultants Steph Saunders and Steve Maxwell spoke at ISSA Pittsburgh earlier this week about PCI DSS. They unpacked the latest updates to the security standards for the Hackers Guild and ISSA members! Team work makes dream work ✨🤝✨

Thank you for reading!

Hiding in the Shadows: Covert Tunnels via QEMU Virtualization

Is that a QEMU lurking in the shadows? In our new blog, Security Consultant Caroline Fenstermacher covers an incident where an attacker used social engineering, remote support tools, and a virtual machine to access a corporate device and attempt covert communication.
trustedsec.com/blog/hiding-...