Trimarc
1775 I St NW
Suite #1150
Washington, DC 20006

(202) 587-2735

  • Twitter Social Icon

©2019 Trimarc

TRIMARC

Trimarc’s Security Solutions Improve Enterprise Security & Mitigate Modern Attack Methods

Trimarc was founded by Sean Metcalf, a Microsoft Certified Master in Active Directory, to help organizations better secure their Microsoft platform, specifically on-premises Active Directory (AD) and the Microsoft cloud environment (Azure AD & Office 365). Collectively, our team has decades of systems engineering experience in enterprise environments combined with security vision and know-how, and this expertise more quickly and effectively improves the security posture of our customers.

Trimarc Expertise

 

Trimarc provides leading expertise in security solutions including security reviews, strategy, architecture, and implementation. Our methodology leverages our internal research and custom tooling which better discovers multiple security issues attackers could exploit to compromise the environment. Trimarc security services fit between traditional compliance/audit reviews and standard penetration testing/red teaming engagements, providing deep understanding of Microsoft technologies, typical security issues and misconfigurations, and provide recommendations based on our own best practices custom-tailored to balance operational and security challenges.

 

From Active Directory to the Microsoft Cloud (Office 365 & Azure AD) to VMware, Trimarc has the knowledge and expertise to help improve your security posture. Our focus on the systems that enable today’s business positions us to effectively assess and improve enterprise security.

 

  • Active Directory

  • Microsoft Cloud (Office 365, Exchange Online, & Azure AD)

  • VMware 

  • Microsoft Windows 10

Trimarc provides leading expertise in security solutions including strategy, architecture, tactical implementations, and long-term maintenance. In addition, we perform renowned security research that has helped drive the implementation of effective protection measures for organizations reliant on Microsoft technologies.

Trimarc works on continuously developing defensive strategies to combat evolving attack techniques. We focus on defensive layers within the enterprise – while any single defense may fail, there are others that compensate for this and provide additional detection and/or mitigation for that area.
 

 

Trimarc Services

Trimarc provides customized solutions developed to help you secure your environment. We focus on helping you better leverage existing technology investments to improve enterprise security posture.

 

Our primary service offerings focus on reviewing and improving the security of your Active Directory and Microsoft Cloud environments. Key to this is ensuring that any security recommendations we provide align with your business process and requirements. Trimarc works with you as a Trusted Adviser in improving your enterprise security.

 

Trimarc’s Active Directory security review and assessment scans the AD environment shining a light on the dark, forgotten corners and unravels the spider-web of permissions collected over many years. We identify multiple potential AD escalation paths and provide recommendations that are actionable, prioritized, and customized to the environment so they can be implemented more quickly (and phased in over time) to effectively mitigate them. Our reporting methodology and approach provide clear paths to resolution and most of the critical issues we discover in our customer environments are resolved in days to weeks, not years.

 

Furthermore, we work with both Red and Blue teams and perform offensive & defensive research, which provides us unique understanding and experience in how organizations are typically attacked and provide insight into the best defensive tactics.

Trimarc has a variety of security solutions customized to meet each organization’s security needs and concerns. Please contact us for more information on how we can help you!

 

 Service List:

Events & Announcements

August 2019
 

Trimarc founder, Sean Metcalf, is speaking at Black Hat USA for the 4th time this August in Las Vegas, NV. He teams up with Mark Morowczynski, Principal Program Manager at Microsoft, to explore cloud attack and defense.

Location:  South Pacific
Date: Wednesday, August 7  11:15am-12:05pm

This presentation focuses on the Microsoft Cloud (Office 365 & Azure AD) and explores the most common attacks against the Cloud and describes effective defenses and mitigation. 

Visit the Black Hat USA conference website for more information.

Is Your Active Directory Secure?

Modern Active Directory environments are typically not aligned to best protect the enterprise from the current threats. The attack vectors that were theoretical years ago are now practical. Additionally, one of the biggest vulnerabilities that most enterprises have is the legacy administration and management of the enterprise. Many organizations are still using group membership in Domain Admins to grant Active Directory administrative rights for admins and service accounts. There are a number of methods used to escalate attacker permissions once they gain a foothold and have malicious code running on one or more computers inside the perimeter. In order to properly protect modern networks a new focus on admin credential protection and management is required.

​Penetration Test (“pentest”) and Red Team engagements identify a few exploit paths used to compromise the environment. Pentests and red teams are great to identify weaknesses in security controls and highlight visibility “blind spots”, but typically don’t provide a full picture of all the potential exploitation paths in an organization. This means weak spots in Active Directory security are likely to remain putting the enterprise at risk.

Our most popular service is Trimarc's Active Directory Security Assessment which is a review of the organization’s Active Directory security posture. Trimarc reviews Active Directory and identifies as many escalation pathways as possible that an attacker could leverage to take over AD. This Trimarc engagement scans the AD environment and identifies weaknesses that could be leveraged by an attacker to elevate privileges and/or persist in the environment, potentially without detection. We probe into the dark recesses of AD to root out potential issues to help our customers proactively resolve them. After scanning AD for security issues, we provide recommendations that improve the security posture.

What Else Can Trimarc Do?

  • Provide security guidance for moving services to the cloud.

  • Align Active Directory security best practices with business process & requirements.

  • Evaluate the security posture of your Microsoft cloud tenant (Office 365)

  • Evaluate the security posture of the virtualization platform infrastructure (VMware).

  • Evaluate the security posture of the Microsoft Exchange email security configuration.

  • Leverage existing technology investments to improve enterprise security posture.

  • Perform research on new attack methods and provide briefings on effective mitigation and detection.

  • Provide Microsoft platform security expertise.

  • Help prioritize security remediation recommendations from a previous assessment.

  • Provide recommendations to improve endpoint security and attack detection.

  • Provide recommendations to improve detection of modern threat activity.

Please reload

WHAT OUR CUSTOMERS SAY

“We hired Trimarc to perform an AD security assessment.  They provided a comprehensive report on our Active Directory environment highlighting issues and concerns, but more importantly provided detailed recommendations which were useful in resolving them. 
It can be difficult to find quality services in the security realm, so I really appreciate Trimarc’s professionalism, expertise, and passion.” 

 

—  Michael B.
(Charitable Organization)

February 12, 2019

The Issue 
Recently a blog post was published by Dirk-jan Mollema titled "Abusing Exchange: One API call away from Domain Admin " (https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/) which highlighted several issues with Exchange permissions and...

May 6, 2018

A common method attackers leverage as well as many penetration testers and Red Teamers is called "password spraying". Password spraying is interesting because it’s automated password guessing. This automated password guessing against all users typically avoids account...

December 3, 2017

In this presentation, we’re going to go through a little bit of what you need to know about the basics, what’s in it for you as an attacker, how you do recon in the cloud, how do you do some basic attacks, how do you get from on-premises to the cloud, how do you go bac...

November 22, 2017

I call this Active Directory Threat Hunting. Threat hunting has a lot of different connotations or ideas behind it. But I like to boil that down to what really do we care about?

February 10, 2017

Kerberoasting can be an effective method for extracting service account credentials from Active Directory as a regular user without sending any packets to the target system. This attack is effective since people tend to create poor passwords. The reason why this attack...

Please reload