Pragmatic Data Security Best Practices: Part 2

In the last post, we started discussing the importance of protecting Active Directory and your unstructured data. Today, we’ll continue our discussion with the next three data security best practices to ensure the security of your data.

Pragmatic Data Security Best Practice #2: Monitor Activity

Monitoring activity is an essential capability, but be careful not to bite off more than you can chew. The best way to make effective use of your monitoring efforts is to focus on specific scenarios you’d…

Setup, Configuration, and Task Execution with Covenant: The Complete Guide

In this blog post, we are taking a deeper dive into Covenant. Covenant is one of the latest and greatest Command and Control (C2) Post Exploitation Frameworks, which I covered in my previous blog post. In that post, we discussed Covenant on a high level, but now let’s go through the process of configuring and using Covenant to execute payloads on compromised hosts.

NOTE: This post demonstrates the capabilities of Covenant in Mid-September 2019.

Getting Setup and Starting Covenant…

A Guide to Active Directory User Logon Metadata

This blog post is the first in a series about Active Directory attributes with values or behaviors that can be easily and inadvertently misinterpreted and misused. This series will provide information about these attributes, including both their limitations and their valid usages with respect to the administration of Active Directory. Active Directory user objects possess a number of logon metadata attributes that are often leveraged in Active Directory audit reporting and administration. One of their most common uses is to…

Pragmatic Data Security Best Practices: Part 1

Data security is a major issue for any company that has valuable information to protect. Breaches of that data can cost an organization dearly in the form of business disruption, loss of revenue, fines, lawsuits, and perhaps worst of all, the loss of trust between the organization and its customers and partners. But the challenge of securing all that data is daunting. It’s easy to lose sight of the fact that some small changes can have a major impact. Just…

Protecting Against DCShadow

What Organizations Can Do to Stop a DCShadow Attack

Recently, I came across a post outlining how companies CANNOT effectively defend against a DCShadow attack but instead need to take a reactive approach to identify when it may have occurred by monitoring their environment, and rolling back any unwanted changes once they were identified. Unfortunately, reacting to an incident could mean the damage is already done and a malicious actor has run off with the ‘keys to the kingdom’. The…

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 5

Now that we understand how monitoring authentication patterns and authentication-based attacks can lead to an overwhelming amount of data which prevents any meaningful analysis, we can focus on our fifth, and final challenge of monitoring critical systems.

Challenge 5 – Permission Changes and Object Changes

Some of the most important changes to monitor within Active Directory are the changes to the security of the containers and objects. Permissions control who can elevate privileges by changing group policies, adding members to…

Advanced Data Security Features for Azure SQL- Part 2: Vulnerability Assessment

In my last blog post, we took a look at the Data Discovery & Classification features within the Advanced Data Security (ADS) offering for Azure SQL. In this blog post, we will take a deep dive into the Vulnerability assessment. The SQL Vulnerability assessment provides administrators with a streamlined approach to identify and even remediate potential security misconfigurations or vulnerabilities within their Azure SQL databases. The Vulnerability Assessment is a scanning service that contains a set of built-in rules based…

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 4

In the last post, we discussed monitoring directory reads. One of the limitations of Active Directory is it offers no easy way to monitor suspicious read events, which can help you detect reconnaissance activity and stop an attack before it happens. Now let’s look at the next challenge, tracking authentication events.

Challenge Four – Tracking Authentication Events

With the recent surge of credential-based attacks, monitoring authentication patterns is critical to identify compromised accounts, signs of pass-the-hash and pass-the-ticket attacks, forged Kerberos…

Microsoft Teams Quick Admin Guide to Collaborating Safely with External Users

According to a study conducted by Mio, 91% of businesses use at least two messaging apps, of which Slack and Microsoft Teams are present in 66% of the organizations surveyed. Teams adoption has been growing quickly due to its interoperability with the rest of the Office 365 suite, which makes collaborating easier than ever. While collaboration is great, security is a major concern for organizations who are still considering the move to Teams from Slack, Skype, etc. The great double-edged…

The Problem with PAM: Implementing Privileged Access Management Without the Pain

What Does PAM Mean To You? The term is not as straightforward as most people think… it has evolved over the years in parallel with the ever-changing security landscape. Take any combination of password management, least privilege, and session management, then throw in a smattering of role-based directory groups and you’ve kinda got it. The key misunderstanding though is that a PAM solution must come wrapped around a password vault. This is not to say that password vaults are not…
