Browsed by
Category: Security

What is the Principle of Least Privilege (POLP)? – Definition and Best Practices

What is the Principle of Least Privilege (POLP)? – Definition and Best Practices

As part of a sound security structure, one of the most basic things a company can do is implement a principle of least privilege model within their organization. This blog will explain what this means and how this security model can up your security stature. Principle of Least Privilege Definition (POLP) The principle of least privilege stems from the idea that users should only have access to the resources that they need so they can adequately perform the duties that…

Read More Read More

What are Browser Cookies and How do They Work?

What are Browser Cookies and How do They Work?

If you have ever surfed the web, you have almost certainly encountered browser cookies among your digital travels. Although for some they may be a nuisance, for the majority browser cookies are an essential part of the internet experience, often interacting with you without your knowledge. In this blog, I will take you through a 101 primer on browser cookies. For a more in-depth look at how they may affect the security of your IT environment, I invite you to…

Read More Read More

SMBv3 Vulnerability Explained

SMBv3 Vulnerability Explained

SMBGhost What Happened? This week, Microsoft accidentally published information around a newly identified vulnerability in SMBv3, which is being dubbed SMBGhost. This vulnerability can lead to remote code execution on the server, which is always a major concern as far as the severity of vulnerabilities go. The version affected specifically is 3.1.1, which is a more recent version. They mention that this can be exploited from an unauthenticated attacker who sends a specially crafted packet to a target the SMBv3…

Read More Read More

What is a Ransomware Attack?

What is a Ransomware Attack?

Million-dollar ransomware payouts, government protection, and ease of access will continue to fuel the growth of cybercrime. Imagine coming to work and turning on the computer only to see a message that says “repairing file system on C:” or “oops, your important files are encrypted” demanding a payment in bitcoin to decrypt them. When you read the headlines of six-figure ransomware payouts, you might begin to wonder how hacker groups are able to seek top developers who can build tools…

Read More Read More

What is SMBv1 and Why You Should Disable it

What is SMBv1 and Why You Should Disable it

Eternally Affected What is SMB? Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and to the point. SMBv1 Back in the 1980s and 1990s IBM and Microsoft were working on implementations of SMB to improve and build upon the protocol. Microsoft actually pushed to rename SMB to Common Internet File System (CIFS) and added…

Read More Read More

An Oracle DBA’s Guide to Microsoft SQL Server Security

An Oracle DBA’s Guide to Microsoft SQL Server Security

In today’s world, it is quite common for companies to use more than one type of relational database platform to host enterprise applications.  If you are an old-time Oracle DBA like me and are asked to administer Microsoft SQL Servers in addition to Oracle databases, the task can be pretty daunting from a SQL Server security perspective.  In this blog, I will try to explain the differences and similarities between the Oracle and SQL Server security models.  The difference in…

Read More Read More

What is Kerberos Delegation? An Overview of Kerberos Delegation

What is Kerberos Delegation? An Overview of Kerberos Delegation

Kerberos Delegation and Usage Kerberos delegation has been around for a long time (Windows Server 2000 to be exact), but more often than not, when speaking to engineers who manage or work with Active Directory, they’re not familiar with all the various implementations of Kerberos delegation, their uses, and some ways they can be abused. What I find funny, is that most people confuse Kerberos delegation with delegated permissions. The practical usage of Kerberos delegation is to enable an application…

Read More Read More

Cybersecurity Predictions for 2020

Cybersecurity Predictions for 2020

It’s that time of the year again! As we roll into 2020 we’re proud to present our 4th edition of “STEALTHbits’ Experts Cybersecurity Predictions.” We asked eight of our top industry voices here at STEALTHbits their thoughts on what’s to come in the world of cybersecurity in the next 365 days! Read on and come back at the start of 2021 to see how we did. Ransomware Will Continue To Wreak Havoc Using the Same Old Tricks Ransomware attacks will…

Read More Read More

What is a Data Repository and What is it Used for?

What is a Data Repository and What is it Used for?

Online businesses are rapidly overtaking the revenue of brick-and-mortar businesses in today’s internet age. The changes brought forth by internet-driven communication are driving businesses to become data-driven organizations.  Organizations that master how to collect and manipulate data to their advantage will triumph over their competitors. The sheer volume of data being collected by businesses today goes beyond what traditional relational databases can handle, giving rise to a series of different data repositories – Relational Databases, Data Warehouses, Data Lakes, Data…

Read More Read More

PowerShell Tips and Tricks for Scripting Active Directory Test Environments

PowerShell Tips and Tricks for Scripting Active Directory Test Environments

In my role as a Technical Product Manager, I often find myself prepping demos, setting up test environments, and helping customers test and administrate their Active Directory environments with PowerShell. PowerShell, being the most efficient and ubiquitous method of management at scale in the Windows Server world, is my goto tool anytime I need to work with Active Directory. The vast majority of my Active Directory scripting these days is targeted at test, demo, and QA environments that frequently need…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.

Privacy Preference Center

      Necessary

      Advertising

      Analytics

      Other