Category: Active Directory

Any AD themed blogs

EMC File Activity Monitoring

Note: This is the 4th and final blog of our File System security series. Check out the first three: 1) NetApp File Activity Monitoring, 2) Windows File Activity Monitoring, 3) Challenges with Native File System Access Auditing. Sign up now for my live webinar “Challenges with Relying on Native File System Logging”. In the final post of this 4 part blog series, we will take a closer look at file access auditing on an EMC Isilon file system leveraging…

Defender Credential Guard: Protecting Your Hashes

Virtualization-Based Security to Protect Your Secrets What is Windows Defender Credential Guard? Windows Defender Credential Guard is a security feature in Windows 10 Enterprise and Windows Server 2016 and above that uses virtualization-based security to protect your credentials. With Credential Guard enabled, only trusted, privileged applications and processes are allowed to access user secrets, or credentials. Without Credential Guard enabled, Windows stores credentials in the Local Security Authority (LSA), which is a process in memory. With Credential Guard enabled, it…

NetApp File Activity Monitoring

Note: This blog is the third in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging”. In our last post, we walked through configuring file access auditing on a Windows File server and explored some of the common challenges with data interpretation. In this post, we will take a similar look at file access auditing on…

Anatomy of a Hack: How TEMP.Mixmaster Attackers Use TrickBot and Ryuk to Poach Big Game

Cyber-crime continues to evolve – especially over the last year in terms of ransomware. Ransomware used to be largely a spray-and-pray proposition where attackers used automated tools to spread and encrypt as fast as possible, with immediate ransom demands. Those did enough damage. However, cybersecurity researchers are reporting a new, more patient and human-driven extortion scheme where criminals infect many networks but only select larger organizations with deeper pockets. In these larger target networks, they may dwell for as long…

Microsoft Advanced Threat Analytics (ATA) Compared to StealthDEFEND for Active Directory

Detecting advanced threats against Active Directory can be approached in a variety of ways. Microsoft Advanced Threat Analytics (ATA) and STEALTHbits StealthDEFEND for Active Directory have the same goal and a similar approach; however, there are some key differences. Microsoft is in a privileged position to build a threat detection solution to protect against Active Directory attacks. Their end product is similar to what you would expect from a third-party vendor. They leverage their own…

LDAP Reconnaissance – Defend with StealthDEFEND

Editor’s note: This is the second blog post in a series of blogs for using StealthDEFEND to defend against attacks. Read the first blog “Using StealthDEFEND to Defend Against Password Spraying”. In this blog post, we’ll be talking about LDAP Reconnaissance and how we can use StealthDEFEND to defend ourselves against this type of attack. Introduction to LDAP Reconnaissance When an attacker initially compromises a system on a network, they may have little to no privileges within the domain and…

Windows File Activity Monitoring

Note: This blog is the second in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging”. In our first post of the series, we discussed some of the challenges with native file system access auditing techniques, from the configuration all the way to one’s ability to easily understand the resultant data. In this post, we will…

Active Directory Object Recovery (Recycle Bin)

Editor’s note: This is the 3rd in a series of blogs around Active Directory (AD) backup and recovery using STEALTHbits StealthRECOVER. Read the 1st blog, An Introduction to Active Directory Backup and Recovery, and the 2nd blog, Active Directory Object Recovery. The previous post in this series discussed the joys of Active Directory object recovery in an environment without the AD Recycle Bin. If you missed that post, I strongly encourage you to go back and read it as it is…

Using StealthDEFEND to Defend against Password Spraying

In this blog post, we’ll be talking about Password Spraying and how we can use StealthDEFEND to defend ourselves against this type of attack. Introduction to Password Spraying Password Spraying is a technique attackers leverage to guess the passwords of accounts by trying a small number of highly common passwords against a large number of accounts while also staying below an organization’s defined lockout threshold. This allows an attacker to compromise accounts without any elevated privileges while masking themselves from detection by blending…

Active Directory Object Recovery

Editor’s Note: This is the 2nd in a series of blogs around Active Directory (AD) backup and recovery using STEALTHbits StealthRECOVER. Read the 1st blog, An Introduction to Active Directory Backup and Recovery. NOTE: For the purposes of this post I’m going to assume that the Active Recovery Recycle Bin has not been enabled within the domain. The AD Recycle Bin and its impact on object recovery will be covered in this series’ next post. When an object is deleted…
