Browsed by
Author: Jonathan Sander

Jonathan Sander is STEALTHbits’ Chief Technology Officer (CTO). As CTO, he is responsible for driving technical innovation, ensuring that STEALTHbits is well positioned in their current and emerging markets, and he will also lead corporate development efforts. Jonathan also plays the role of evangelist at STEALTHbits venues large and small. Prior to STEALTHbits, Jonathan was VP of Product Strategy for Lieberman Software. As part of Quest Software from 1999 through 2013, he worked with the security and ITSM portfolios. He helped launch Quest’s IAM solutions, directing all business development and product strategy efforts. Previous to that, Mr. Sander was a consultant at Platinum Technology focusing on the security, access control and SSO solutions. He graduated from Fordham University with a degree in Philosophy.
National Cyber Security Awareness Month (NCSAM) – Week 3 – Today’s Predictions for Tomorrows Internet

National Cyber Security Awareness Month (NCSAM) – Week 3 – Today’s Predictions for Tomorrows Internet

If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The third week theme for National Cyber Security Awareness Month (NCSAM) is…

Read More Read More

National Cyber Security Awareness Month (NCSAM) – Week 2 – Cybersecurity in the Workplace Is Everyone’s Business

National Cyber Security Awareness Month (NCSAM) – Week 2 – Cybersecurity in the Workplace Is Everyone’s Business

If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The second week theme for National Cyber Security Awareness Month (NCSAM) is…

Read More Read More

Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks

Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks

What Does Persistence Mean on a File System? In our first file system attack, we found places where we’re likely to get good data with the credentials we’ve been able to steal. Our second attack let us focus in on only the data that is worth the time to steal so we can lessen the chances of getting caught – or at least get the best stuff before we do. The final stage in these attacks is typically persistence. Finding…

Read More Read More

National Cyber Security Awareness Month (NCSAM) – Week 1 – Simple Steps to Online Safety

National Cyber Security Awareness Month (NCSAM) – Week 1 – Simple Steps to Online Safety

If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The first week theme for National Cyber Security Awareness Month (NCSAM) is…

Read More Read More

Attack Step 2: Targeting Interesting Data – File System Attacks

Attack Step 2: Targeting Interesting Data – File System Attacks

Sifting Through The Sands In the last post, we looked at how to find file shares where data we may want to steal lives. We used both Python based and PowerShell based approaches to this. Now we’re going to take the next step and find actual files of interest. Even the smallest organization can have many thousands of files. The bad guys would drown in all that data if they didn’t have ways to narrow down what they’re looking for….

Read More Read More

STEALTHbits at Microsoft Ignite 2017 – Insider Threat Podcast #8

STEALTHbits at Microsoft Ignite 2017 – Insider Threat Podcast #8

In our eight edition of the Insider Threat Podcast, we spoke with the most senior member of the STEALTHbits team, Adam Laub. Adam had just been to the Microsoft Ignite conference, and brought us some insight into what the pulse of the show was. We brought our new focus on Threat Protection to the show in a big way. People’s reactions were very positive. We had more people stopping by and spending time with us than ever before. Of course,…

Read More Read More

Attack Step 1: Finding Where Data Lives – File System Attacks

Attack Step 1: Finding Where Data Lives – File System Attacks

Finding Where Interesting Information May Live We’re going to make some assumptions at the start of this attack. We will assume we already have full access to any credentials we need. Why? Because we’ve already shown you how you can grab any credential you might need all the way up to the highest level of administrative rights. The question you now need to ask is this: what can you do with those rights? Credentials are the means, but data is…

Read More Read More

File System Attacks

File System Attacks

Credentials Are the Means to Attack Data If you’ve been reading the attack blog series until now, you’ve seen we have focused on attacks against Active Directory – like attacking core AD infrastructure, leveraging AD service accounts to attack, attacking AD with misconfigured permissions, and our series on Mimikatz attacks. Of course, AD is the hub for so much access to data in any organization that it may feel like those attacks actually compromise everything else. Today we’re kicking off…

Read More Read More

Stealing Sensitive Data One User at a Time: The Unlikely Headline

Stealing Sensitive Data One User at a Time: The Unlikely Headline

Sensitive Data Attacks vs. Typical Headlines As I write this, you are likely reading something about the Equifax breach. The attention it is getting is well-deserved. So many millions of personal records and sensitive data exposed are always a cause for concern. However, it feeds an unhealthy cycle. Huge breaches happen when attackers break a web application—or get lucky with phishing and pull a huge spreadsheet off the first desktop they hit. This causes the press to believe that all…

Read More Read More