TrustedSec
Active Directory, social engineering, and post-exploitation

TrustedSec is one of the most respected names in offensive security consulting, founded by David Kennedy (creator of the Social-Engineer Toolkit). Their blog delivers cutting-edge research that directly impacts how security professionals approach red team engagements.
Why Follow This Blog
TrustedSec consistently publishes high-quality technical content that bridges the gap between theoretical vulnerabilities and practical exploitation. Their researchers are active in the security community and frequently release tools alongside their research.
Key Topics Covered
Active Directory Security
- Kerberos Attacks: Detailed walkthroughs of Kerberoasting, AS-REP roasting, and delegation abuse
- Privilege Escalation: Domain escalation paths and misconfigurations
- Persistence Techniques: Golden tickets, silver tickets, and skeleton keys
- Trust Relationships: Cross-forest and cross-domain attack techniques
Social Engineering
- Phishing Campaigns: Technical implementation of sophisticated phishing attacks
- Pretexting: Building believable scenarios for social engineering
- Physical Security: Red team physical penetration techniques
- Vishing: Voice phishing methodologies
Post-Exploitation
- Lateral Movement: Techniques for moving through compromised networks
- Credential Harvesting: Memory scraping and credential extraction
- Defense Evasion: Bypassing EDR and security controls
- Data Exfiltration: Covert channels and exfiltration methods
Tool Development
- Social-Engineer Toolkit (SET): Updates and usage guides
- Artillery: Honeypot and monitoring tool
- Unicorn: PowerShell downgrade attack tool
- Custom Tooling: In-house tools released to the community
Notable Research Areas
Red Team Operations
TrustedSec’s blog frequently covers full attack chain scenarios, demonstrating how multiple techniques combine in real-world engagements:
- Initial access vectors
- Network reconnaissance
- Domain compromise paths
- Objective completion strategies
Cloud Security
Increasingly focused on cloud-based attacks:
- Azure AD exploitation
- AWS privilege escalation
- Multi-cloud attack scenarios
- Identity federation abuse
Purple Team Content
Content valuable for both offensive and defensive teams:
- Detection opportunities for attacks
- Log analysis for compromise indicators
- Security architecture recommendations
- Incident response considerations
Content Format
Blog Posts
- Technical Deep Dives: Detailed explanations with code samples
- Tool Releases: Announcements with usage documentation
- Case Studies: Anonymized real-world engagement examples
- Industry Commentary: Perspectives on security trends
Associated Resources
- Webcasts: Regular free security webcasts
- Podcasts: Security discussions and interviews
- Conference Talks: Presentations at major security conferences
- Training: Courses and workshops