INSIDER THREAT SECURITY BLOG

Awareness is the first and most essential ingredient in any successful risk mitigation strategy.  StealthAUDIT v8.1 has been enhanced to extend your awareness into high risk conditions that can easily sneak up on you in three key ways: SQL Database Security – Discover, assess access, and monitor activity within SQL databases, scouring each for sensitive data that attackers are likely to target Weak Password Identification – Identify Active Directory user accounts leveraging passwords con…

In our last post, we learned about password spraying and how effective this can be to compromise AD accounts with weak and commonly used passwords.  Now let’s take a look at how an attacker could take this approach and put it into practice to compromise your domain.  For that, we are going to use BloodHound, a very useful open-source application for penetration testing AD security and planning attack paths to compromise high value accounts.  We’ve covered BloodHound in our perm…

If you haven’t heard, October was National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team observed the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The fifth week theme for National Cyber Security Awareness Month (NCSAM) is “Protecting Critical Infrastructure F…

Update 2017-10-27 1:30pm EDT: Multiple researchers are reporting an exploit in the BadRabbit sample that is largely based on the EternalRomance exploit published in the ShadowBrokers leak. On October 24, 2017, STEALTHbits was alerted to a ransomware campaign spreading across Eastern Europe and Russia. There are reports that the infection is leveraging the EternalBlue, the exploit generally believed to be developed by the U.S. National Security Agency (NSA), however there is no evidence to su…

If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The third week theme for National Cyber Security Awareness Month (NCSAM) is “Today’s Predictions for Tomorr…

In the ninth edition of the Insider Threat Podcast, Jonathan Sander and I did a little role reversal. I played Zorak to Jonathan’s Space Ghost and was asking the questions – the topic this week is File System attacks. A topic that we have noticed not many struggles with, but one that we increasingly see as an attack vector. Jonathan has been researching these attacks recently and has been blogging about them in length. So we sat down to talk about the ways File Systems can be attacked, data e…

If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The second week theme for National Cyber Security Awareness Month (NCSAM) is “Cybersecurity in the Workpl…

What Does Persistence Mean on a File System? In our first file system attack, we found places where we’re likely to get good data with the credentials we’ve been able to steal. Our second attack let us focus in on only the data that is worth the time to steal so we can lessen the chances of getting caught – or at least get the best stuff before we do. The final stage in these attacks is typically persistence. Finding a way to stay in the systems even after we get caught and tossed out the fi…

NetApp Insight, NetApp’s annual technical conference, brought together storage and data management professionals to discuss changing the world with data. In over 200 technical sessions and the Insight Central exhibit hall, organizations learned how NetApp’s Data Fabric can help them: Harness the power of the hybrid cloud Build a next-generation data center Modernize storage through data management The conference was almost canceled due to the tragic shooting in Las Vegas. However, Net…

If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The first week theme for National Cyber Security Awareness Month (NCSAM) is “STOP. THINK. CONNECT.&#x2122…