Advanced Data Security Features for Azure SQL- Part 2: Vulnerability Assessment

In my last blog post, we took a look at the Data Discovery & Classification features within the Advanced Data Security (ADS) offering for Azure SQL. In this blog post, we will take a deep dive into the Vulnerability Assessment. The SQL Vulnerability Assessment provides administrators with a streamlined approach to identify and even remediate potential security misconfigurations or vulnerabilities within their Azure SQL databases. The Vulnerability Assessment is a scanning service that contains a set of built-in rules based…

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 4

In the last post, we discussed monitoring directory reads. One of the limitations of Active Directory is that it offers no easy way to monitor suspicious read events, which can help you detect reconnaissance activity and stop an attack before it happens. Now let’s look at the next challenge, tracking authentication events. Challenge Four – Tracking Authentication Events With the recent surge of credential-based attacks, monitoring authentication patterns is critical to identify compromised accounts, signs of pass-the-hash and pass-the-ticket attacks, forged Kerberos…

Microsoft Teams Quick Admin Guide to Collaborating Safely with External Users

According to a study conducted by Mio, 91% of businesses use at least two messaging apps, and Slack and Microsoft Teams are present in 66% of the organizations surveyed. Teams adoption has been growing quickly due to its interoperability with the rest of the Office 365 suite, which makes collaborating easier than ever. While collaboration is great, security is a major concern for organizations that are still considering the move to Teams from Slack, Skype, etc. The great double-edged…

The Problem with PAM: Implementing Privileged Access Management Without the Pain

What Does PAM Mean To You? The term is not as straightforward as most people think… it has evolved over the years in parallel with the ever-changing security landscape. Take any combination of password management, least privilege, and session management, then throw in a smattering of role-based directory groups and you’ve kinda got it. The key misunderstanding though is that a PAM solution must come wrapped around a password vault. This is not to say that password vaults are not…

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 3

So far in this series, we’ve learned that changes to groups with extensive privilege within an Active Directory (AD) environment are the target for many hackers. We then looked at how Active Directory isn’t able to log the changes made to Group Policy settings, which can lead to an attack or production outage. Challenge 3 – Monitoring Directory Reads Another aspect of detecting Active Directory attacks is understanding how users are reading and enumerating AD objects. When attackers are looking…

ProTip: Using the AIC to Identify Employees Attempting to Access Data They Shouldn’t Be

Breaches are an everyday occurrence. IT security professionals work tirelessly to protect against attackers penetrating their organization’s IT infrastructure, but what about the malicious insider? Do you ever wonder if users in your organization are poking around where they shouldn’t be? An easy way to investigate, using out-of-the-box capabilities aligned with StealthAUDIT 9.0 and our Access Information Center (AIC), is to leverage the activity information available via STEALTHbits Technologies: Step 1) Select any “sensitive” folder (for example HR or Finance)…

Advanced Data Security Features for Azure SQL- Part 1: Data Discovery & Classification

Azure SQL provides DBAs with an easy and efficient means of standing up relational database services for their cloud and enterprise applications. As with any database platform, security remains a top concern, and Microsoft has not overlooked it: Azure SQL offers a variety of security features, including those offered through the Advanced Data Security package. The Advanced Data Security package for Azure SQL provides administrators with a single go-to location for discovering and classifying data, assessing and…

What is a DCShadow Attack and How to Defend Against it

In this blog post, we’ll be covering the DCShadow attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCShadow was the topic of a previous STEALTHbits Blog post, so in this post we’ll start with a review of DCShadow and then focus on how we can DETECT and RESPOND to this attack with StealthDEFEND. Introduction to DCShadow DCShadow is another late-stage kill chain attack that allows an attacker with privileged credentials to register a “rogue” domain controller in order to PUSH changes to a…

Using CTFTOOL.exe to escalate privileges by leveraging Text Services Framework; and mitigation processes and steps

Overview In this post, I will be looking at a new exploit that leverages a weakness in Microsoft Windows Text Services Framework to launch a child process that allows for the escalation of privileges. I will give a brief overview of what the Text Services Framework service does, what the exploit is, and how it could be used. Then, I will go into more detail about how to run the exploit and different methods that can be used for detection…

Next-Gen Open Source C2 Frameworks in a Post PSEmpire World: Covenant

Rest in Peace PowerShell Empire PowerShell Empire (PSEmpire) is a Command and Control (C2) Post Exploitation Framework that has been discussed in a variety of posts on the STEALTHbits Blog. What is PSEmpire? PSEmpire is a great tool with a wide variety of uses in the Information Security community, including learning, red teaming and even more nefarious uses such as being used by the Ryuk Ransomware. Sadly, it has been officially announced that PSEmpire is no longer being supported and development has stopped…
