Browsed by
Category: Security

What are Group Managed Service Accounts (gMSA)?

What are Group Managed Service Accounts (gMSA)?

High Level Overview of GMSAs Group Managed Service Accounts Overview Group Managed Service Accounts (gMSA) were introduced in Windows Server 2016 and can be leveraged on Windows Server 2012 and above. gMSAs offer a more secure way to run automated tasks, services, and applications. How are gMSAs more secure you ask? Well, their passwords are completely handled by Windows. gMSA passwords are randomly generated, automatically rotated, and not required to be known by any user. The service accounts themselves are…

Read More Read More

The Importance of Updating Your Breach Password Dictionary

The Importance of Updating Your Breach Password Dictionary

With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds their way to the dark web for purchase and use. This should NOT be a surprise. 80% of breaches involved stolen or misused credentials1. And this makes sense … why use advanced attack techniques when stealing credentials and assuming user identities is easier, less detectable, and still works? Stealthbits leverages the “Have I Been Pwned” breach password dictionary within StealthAUDIT and StealthINTERCEPT Enterprise Password Enforcer…

Read More Read More

What is Sensitive Data?

What is Sensitive Data?

Sensitive data is a term that we hear quite often these days, especially as it relates to the plethora of data privacy laws that have been introduced over the past several years. Seemingly, the definition is simple: sensitive data is any information that needs to be protected. What that really means though is often dependent on the nature of the business conducted by an organization and even more so, the responsible governing body. What is considered Sensitive Data? The categories…

Read More Read More

Windows Remote WMI Security Primer for the Faint-Hearted

Windows Remote WMI Security Primer for the Faint-Hearted

StealthAUDIT, a best in its class Data Access Governance (DAG) tool utilizes Windows Management Instrumentation (WMI) extensively to gather various pieces of information from the targeted Windows servers.  While local WMI querying is straightforward to implement and troubleshoot, remote WMI querying is another story.  Setting up remote WMI query security is a pretty daunting task if you are not willing to use an account that is either part of the Domain Administrators group or Local Administrators group.  After I ran…

Read More Read More

Auditing Administrator Access Rights

Auditing Administrator Access Rights

Identifying Administrative Privileges Across IT Resources Accounts with administrative and elevated privileges are necessary for both business and IT functions, but also represent a significant risk to your organization. Privileged credentials in the hands of the wrong user or an attacker can lead to a variety of undesirable outcomes, including data breaches, infrastructure outages, and compliance failures. Although Privileged Access Management (PAM) is recognized by CISOs and security professionals as one of the most important areas of focus among their…

Read More Read More

Bypassing MFA with Pass-the-Cookie

Bypassing MFA with Pass-the-Cookie

Multi-factor Authentication (MFA) is a great way to increase security on web applications, remote desktop sessions, VPN, and virtually anywhere a user can log into. By introducing one or more additional factors into the authentication process you can prove somebody actually is who they say they are, and prevent a significant amount of impersonation and credential-based attacks.  However, when adopting and implementing MFA technology it is important to understand exactly what it does and does not do, and what security gaps…

Read More Read More

What is a Data Breach and How to Prevent One

What is a Data Breach and How to Prevent One

Data breach. There are fewer times that two simple words invoke so many fearful thoughts in the mind of a C-level executive. How did it happen? What was taken? What are we going to do? Who was responsible? There are many routes an organization may explore in terms of breach mitigation, but let us start at the beginning. This blog will cover some of the simple basics of a data breach – what it is, ways they are caused, etc….

Read More Read More

What is the Principle of Least Privilege (POLP)? – Definition and Best Practices

What is the Principle of Least Privilege (POLP)? – Definition and Best Practices

As part of a sound security structure, one of the most basic things a company can do is implement a principle of least privilege model within their organization. This blog will explain what this means and how this security model can up your security stature. Principle of Least Privilege Definition (POLP) The principle of least privilege stems from the idea that users should only have access to the resources that they need so they can adequately perform the duties that…

Read More Read More

What are Browser Cookies and How do They Work?

What are Browser Cookies and How do They Work?

If you have ever surfed the web, you have almost certainly encountered browser cookies among your digital travels. Although for some they may be a nuisance, for the majority browser cookies are an essential part of the internet experience, often interacting with you without your knowledge. In this blog, I will take you through a 101 primer on browser cookies. For a more in-depth look at how they may affect the security of your IT environment, I invite you to…

Read More Read More

SMBv3 Vulnerability Explained

SMBv3 Vulnerability Explained

SMBGhost What Happened? This week, Microsoft accidentally published information around a newly identified vulnerability in SMBv3, which is being dubbed SMBGhost. This vulnerability can lead to remote code execution on the server, which is always a major concern as far as the severity of vulnerabilities go. The version affected specifically is 3.1.1, which is a more recent version. They mention that this can be exploited from an unauthenticated attacker who sends a specially crafted packet to a target the SMBv3…

Read More Read More

Start a Free Stealthbits Trial!

No risk. No obligation.