15 Cases for File Activity Monitoring: Part 1

For many organizations, monitoring file activity is challenging due to the configuration complexity and performance concerns associated with native auditing. As a result, administrators do not have a way to answer some of their most critical questions. In this three-part blog series, we’ll discuss 15 real-life use cases where STEALTHbits file activity monitoring solutions can play a key role in solving critical change and access issues without the use of native logs.

Case 1: Pre-Departure Data Exfiltration

This first case…

What is Data Classification?

The concept of Data Classification as a whole can become confusing, generally due to the term not being standardized in the space. This term usually evokes one of two thoughts: determining what type of information is in a piece of data, or marking/tagging a piece of data based on content determination. Both of these are important in the overall data governance plan within an organization, for different reasons.

Data Classification as Identification

Frequently data classification is along the lines of…

How to Secure SharePoint

SharePoint continues to remain one of the most popular content collaboration platforms (CCP) at the enterprise-level, continuing to grow in adoption year over year. This adoption shows not only growth in the expected area of SharePoint Online, but continued expansion in SharePoint On-Premises as well. As SharePoint continues to grow, one of the largest areas of concern is around the security of the platform. A well designed, maintained, and governed SharePoint farm is usually a very safe environment, but often…

Honey Token Threat Detection with StealthDEFEND

In this post we will discuss the concept of Honey Pots, and how StealthDEFEND utilizes Honey Tokens in its threat detection to provide an additional line of defense against attackers.

Introduction to Honey Pots

Wikipedia defines “Honey Pots” as a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Honey Pots are not a new concept in the realm of Information Security. Implementations of Honeypots in the form of Servers, Databases,…

The Open Share Epidemic

Open Access, or unrestricted file share access, is an inevitable condition that exists in most, if not all, enterprise environments. Many organizations create ‘Open Shares’ to allow end users an easy way to access resources.

What is an Open Share?

These shares are open in the sense that access to them is unrestricted at both the Share and NTFS levels, meaning most end users can access them. This is achieved by the use of ‘Open Access Groups’ such as the…

Cracking Active Directory Passwords with AS-REP Roasting

While looking at Pass-the-Ticket we explored a tool, Rubeus by Harmj0y, which can be used to experiment with Kerberos security in Active Directory and explore various attack vectors. One of the areas I found interesting when testing Rubeus was the different password cracking options it made available. This includes two primary methods: Kerberoasting and AS-REP Roasting. The most frightening part of both of these techniques is that they can be performed without any special privileges on the domain, making them…

Commando VM: Using the Testing Platform

Windows Offensive VM from Mandiant FireEye

Previously, I wrote a high-level overview of the testing platform Commando VM and an installation guide to get started with it. Today, I’ll be diving into a proof of concept of sorts to show off some of the tools and flexibility that the testing platform offers. My goal with this post is to highlight some things that can be done with the platform, situations enterprises should try to be wary of, and some ways…

SharePoint Activity Monitoring: How to do it And What to Look For

SharePoint offers options for collecting activity which may prove useful for many different reasons. Whether that reason is security auditing or fulfilling other compliance requirements, in order to make use of it, it must be turned on and you need to know what you are looking for. The purpose of this blog is to show you what kind of activity is available, how to enable activity auditing, and how to make use of that data.

Events Available for…

What is the Kerberos PAC?

The Privileged Attribute Certificate (PAC) is an extension to Kerberos tickets that contains useful information about a user’s privileges. This information is added to Kerberos tickets by a domain controller when a user authenticates within an Active Directory domain. When users use their Kerberos tickets to authenticate to other systems, the PAC can be read and used to determine their level of privileges without reaching out to the domain controller to query for that information (more on that to follow)….

Commando VM: Installation & Configuration

Windows Offensive VM from Mandiant FireEye

Last time, I wrote a high-level overview of Commando VM and why it is important for both red and blue teamers to be familiar with the tools that come pre-packaged in testing platforms like this one. Today, I’ll be covering the installation and any configuration needed to get up and running with Commando VM.

Prerequisites

Commando VM can be installed on a virtual machine or physical machine, but for ease of use and deployment,…
