Category: Active Directory

Any AD themed blogs

How to Restore Deleted Active Directory Objects

AD Installation Overview: As the primary authentication service in the majority of organizations worldwide, the health and operational integrity of Active Directory has a direct impact on the overall security of your organization. The capability to roll back and recover from changes to your Active Directory infrastructure, whether accidental or malicious, is an important and often overlooked aspect of your ability to maintain the security and performance of your network. When Active Directory objects are deleted, they are placed in the Deleted…

GDPR – One Year Later…

The penalty for failure to comply with the General Data Protection Regulation (GDPR) is up to $22 million or 4% of annual global turnover (whichever is greater). By now most organizations around the globe know that regardless of where they are based, this regulation affects them if they are doing business with EU citizens. Aside from the responsibility to properly handle personal data, that amount of money can really hurt your business. For example, under the Data Protection Act of…

Have I Been Pwned Database: Here’s What We Can Learn

Recently, I was doing some research on password security using breached password databases to understand the value they bring when trying to improve overall password security. One very good database is the “Have I been pwned” database. I’ve Been Pwned For those of you who have not used this excellent public resource, it’s a collection of over 551 million unique breached password hashes. The website allows you to see if your username or password has been exposed in a data…

How to Backup and Recover Group Policy Objects

Editor’s note: This is the 5th and final blog in a series on Active Directory (AD) backup and recovery using STEALTHbits, StealthRECOVER. Read the 1st blog, An Introduction to Active Directory Backup and Recovery, the 2nd blog, Active Directory Object Recovery, the 3rd blog, Active Directory Recover (Recycle Bin), and the 4th blog, How to Rollback and Recover Active Directory Object Attributes. Welcome to the final post in this Active Directory Backup and Recovery blog series, which will discuss the backup and…

Office 365 Security and Compliance: Guide to Creating Custom Sensitive Info Types and DLP Policies

In my last blog post, I covered configuring some of the out of the box data loss prevention policies that Microsoft’s security & compliance center offers. Yet in order to meet the specific needs of your organization, custom information types and DLP policies can be created. In this guide, I will show you how to use Microsoft Office 365’s Security and Compliance center to categorize sensitive content with custom sensitive information types and create custom data loss prevention (DLP) policies….

Running LAPS in the Race to Security

Managed Passwords for Local Administrator Accounts What is Microsoft LAPS? Microsoft Local Administrator Password Solution (LAPS) is a password manager that utilizes Active Directory to manage and rotate passwords for local Administrator accounts across all of your Windows endpoints. LAPS is a great mitigation tool against lateral movement and privilege escalation, by forcing all local Administrator accounts to have unique, complex passwords, so an attacker compromising one local Administrator account can’t move laterally to other endpoints and accounts that may…

How to Defend against AdminSDHolder Attacks

In this blog post, we’ll be discussing the AdminSDHolder object in Active Directory and how it can be utilized in Active Directory attacks. Finally, we will discuss how to use StealthDEFEND to detect and respond to this type of attack. Introduction to the “AdminSDHolder”: The AdminSDHolder is an Active Directory object that is a container acting as a security descriptor template for protected accounts and groups in an Active Directory domain. A security descriptor…

How to Rollback and Recover Active Directory Object Attributes

Editor’s note: This is the 4th in a series of blogs on Active Directory (AD) backup and recovery using STEALTHbits, StealthRECOVER. Read the 1st blog, An Introduction to Active Directory Backup and Recovery, the 2nd blog, Active Directory Object Recovery, and the 3rd blog, Active Directory Recover (Recycle Bin). The previous two posts in this series focused on Active Directory deleted object recovery. This post will explore a different type of Active Directory recovery. Consider the following scenario: Our story begins with a…

ProTip – Utilizing STEALTHbits to Move Away from Relying on Native File System Logging

If you have been following our 4 part blog series, “Challenges with Relying on Native File System Logging” you have seen some of the many challenges of auditing and collecting file activity natively. The blog series is also going to be followed by an awesome webinar. If you haven’t seen any of the blog posts be sure to check them out: NetApp File Activity Monitoring Windows File Activity Monitoring Challenges with Native File System Access Auditing EMC File Activity Monitoring…

EMC File Activity Monitoring

Note: This is the 4th and final blog of our File System security series. Check out the first three: 1) NetApp File Activity Monitoring, 2) Windows File Activity Monitoring, 3) Challenges with Native File System Access Auditing. Sign up now for my live webinar “Challenges with Relying on Native File System Logging“. Register now. In the final post of this 4 part blog series, we will take a closer look at file access auditing on an EMC Isilon file system leveraging…
