Agent Hardening locks it down for STEALTHbits


Over the years, I’ve had the privilege of attending many tradeshows and conventions; some better than others. However, one thing remains the same – meeting interesting people. As a vendor, you attend expecting to be the one showing people how things are done, but more often than not this becomes a two-way conversation and I go home with plenty of new and exciting ideas to be thinking about. This year’s Black Hat USA in Las Vegas was no exception. Logs, logs…

Delta Airlines, Stuxnet, and the Internet of Things

We live in a very connected world, and it’s only becoming more connected. Every day I see more and more commercials edging us further toward the “home of the future.” Not long ago it would have been unthinkable to see commercials for a Wi-Fi-enabled refrigerator complete with a massive touch screen (presented by America’s favorite celebrity couple) or a thermostat controlled by your phone. Now, not a day goes by that I don’t see Alec Baldwin pitching an Amazon…

What’s New in StealthAUDIT v7.2?

A “dot” release has never packed a bigger punch! The latest release of StealthAUDIT is all about what it should be: controlling and securing credentials and data. Attackers – whether internal or external – are after at least one of these two things, but usually both. They continue to slip past the perimeter with relative ease, and once they do, operate undetected and largely unencumbered while they map out the environment and infect system after system like a digital cowbird….

Who, What, Where, When, LDAP

Who’s talking to my Active Directory? What is LDAP? Active Directory, ADAM and AD-LDS. Microsoft’s implementation of directories that follow the X.500 standard. Referred to as Lightweight Directory Access Protocol, or LDAP to the layman:

- A directory tree
  - Domain Hierarchy
- Objects consisting of various attributes
  - Users, Groups, Computers
- Attributes have a type, a name and a value(s)
  - Name, sAMAccountName, Description, SIDHistory
- Sets of attributes make up the schema
  - Windows 2012 R2 Forest Functional Level
- Each object must be unique and…

STEALTHbits ProTip: Entitlement Reviews for Sensitive Data

Entitlement Reviews are a great way to get feedback from your business owners, and with StealthAUDIT 7.2 we can now also canvass these same business owners for Sensitive Data Reviews. There are two optional settings to consider enabling before beginning a Data Review process. The first option is to enable the collection of File Level Details by the 1-FSAA System Scans query, to record file sizes, last modified times, and ownership and permissions data for the files scanned. This…

Discovering Privileged Accounts and What They Can Do

Can They Access Sensitive Data? Businesses are facing unique challenges related to “privileged accounts,” accounts that are built into applications or systems with privileges that normal users do not have. Privileged accounts can also be created by administrators to manage specific applications, run services, execute tasks, and control file systems. Such privileged accounts are necessary for day-to-day operations in environments containing Windows domain-joined systems, standalone Windows machines, and UNIX or Linux infrastructure.  These accounts become of particular importance when they…

Hacking America’s Pastime

All it took was one recycled password. If you haven’t heard the news yet, former executive for the St. Louis Cardinals baseball team Christopher Correa has officially been sentenced to 46 months in prison for hacking. The victim in this case? (Former) Rival team the Houston Astros and their internal database/communications hub aptly named “Ground Control.” So how does something like this happen? Baseball is supposed to be a game of integrity and sportsmanship! Well, it’s important to remember that America’s…

Comprehensive Auditing and Protection For Group Policy Objects

Group Policy is a native Microsoft technology. It allows organizations running Active Directory to centrally control and configure both user and computer settings to domain-joined machines. Group Policy allows administrators to make sweeping changes to all aspects of connected operating systems, including the Registry, for example. When implemented properly, this technology simplifies overall operating system configuration, patching, software deployment, and security.  When implemented improperly, Group Policy is a nightmare for administrators and the security practitioners charged with measuring its effectiveness. What…

Microsoft Exchange, Non-Owner Mailbox Logon: Auditing the Insider Threat

Email, one of the greatest innovations in communication since the telephone. One could even argue that it is the most important. The ability to have a conversation (albeit in electronic format), send vast quantities of data, and involve an unlimited number of recipients is the backbone of modern business. With each iteration, Exchange gets more and more security features. Litigation hold and classification are good examples of this. However, as useful as they are, they don’t address the most basic security…

STEALTHbits ProTip: Investigate with StealthINTERCEPT

Many of the threats discussed in the Verizon DBIR can be addressed with StealthINTERCEPT, and a little-known feature called Investigate makes it easy for users to quickly retrieve the policies they care most about. StealthINTERCEPT’s Investigate feature allows users to easily view specified events across all available Policies. Defining Policies (the Who, When, Where, What, and more) can really help users access the full picture for activity. While this is especially useful for any kind of security review, it…
