15 Cases for File Activity Monitoring: Part 2

If you read part 1 in this series, you caught a glimpse of how STEALTHbits file activity monitoring solutions help solve critical change and access issues without the use of native logs. Today we’ll delve deeper into the explanation of these solutions and reveal five more real-life cases where you could use our file activity monitoring solutions. Case 6: File Tampering. File tampering is when a user modifies the contents of a file, such as spreadsheet calculations or other data…

Least Privilege Access – A Pragmatic Approach Using Resource-Based Groups

At STEALTHbits, we often describe Active Directory as holding ‘the keys to the kingdom’. It stores the users and groups that grant access to an organization’s most sensitive information and should be protected for this very reason. From an access management perspective, most administrators will stand behind the best practice of assigning access to groups instead of users. This is because it not only makes administration and management of this access more efficient for them, but also has real benefits…

ProTip: Utilizing the New Active Directory Activity Reporting in StealthAUDIT 9.0

The recent release of StealthAUDIT 9.0 brings a lot of new features and exciting improvements. Among them are enhancements and capabilities for our Active Directory (AD) & Azure, Box, Dropbox, Exchange, File Systems, SharePoint, and Windows modules. We even introduced a new module for Oracle database auditing and compliance reporting, which is very exciting for our users, enabling them to understand permissions, activity events, sensitive data, and configuration-related information within those environments. One of the more exciting features,…

Using Docker and Windows Subsystem for Linux to Learn and Experiment with New Information Security Tools

Over the years, when presenting at conferences, user groups, and customer meetings, I have often talked about some of the “new ways” to learn tools and techniques in information security. One of the resources I specifically recommend is using Docker containers and Windows Subsystem for Linux to quickly experiment with tooling without the need to manage a virtual machine or other infrastructure. I have often been asked to expand upon this topic, so I wanted to document some of…

Lateral Movement Through Pass-the-Cache

Lateral movement techniques like Pass-the-Hash, Pass-the-Ticket, and Overpass-the-Hash provide attackers with ways to take stolen or compromised credentials and spread out across a network to achieve privilege escalation. I recently found myself testing some Active Directory attacks from a Kali Linux host, and needed a way to use compromised credentials from this Linux system on my Windows boxes. Luckily, this is something supported by Mimikatz and surprisingly easy to perform. This technique, known as Pass-the-Cache, allows an attacker to take…

Resource-Based Constrained Delegation Abuse

Abusing RBCD and MachineAccountQuota. Delegation is an area that is confusing and complicated for most Active Directory administrators. Unconstrained delegation, constrained delegation, and even resource-based constrained delegation all play a role in not only your Active Directory infrastructure, but also its security posture. For example, unconstrained delegation is very insecure and can be abused relatively easily. If you’re unfamiliar with the different types of delegation and how they work, I suggest reading harmj0y’s Another Word on Delegation, as he’s done…

Open Access in SharePoint – What it is And How to Find it

Within SharePoint, there are a few groups which can give ‘Open Access’ to a given resource and can leave the environment vulnerable, depending on where these groups exist. With open access comes the increased risk of data being ‘lost’, and with data loss come risks to sales and revenue, lawsuits, IP theft, and subsequently compliance breaches. What is Open Access? An instance of open access exists whenever one of the large groups described below has access to a resource…

Announcing StealthAUDIT 9.0

StealthAUDIT 9.0 – Something for Everyone. If you know StealthAUDIT, you know it’s one of the most versatile technologies around for addressing a broad range of data collection and analysis, reporting, and governance needs. StealthAUDIT appeals to the requirements of multiple audiences within an organization, simultaneously facilitating successful outcomes for security, compliance, and operationally focused teams. While its usefulness to so many is one of the things that makes StealthAUDIT so unique amidst a landscape of point products, we’d argue that its versatility is actually a necessity for any organization looking…

Announcing StealthDEFEND 2.1

When we released StealthDEFEND 2.0 earlier this year, we knew we were breaking new ground in the Active Directory security space. We had delivered a solution purpose-built to detect the most advanced attacks against Active Directory in real time, drastically reducing time to detection while increasing the ability of organizations to respond to these attacks quickly and efficiently. The response (pun intended) has been tremendous. In version 2.1, we’re taking StealthDEFEND to another level with a plethora of usability enhancements, threat model refinements, and general improvements. Most interesting, however, is what we’ve done to help you become more proactive in the fight against Active Directory…

What is a Global Catalog Server?

The global catalog is a feature of Active Directory (“AD”) domain controllers that allows a domain controller to provide information on any object in the forest, regardless of whether the object is a member of the domain controller’s own domain. Domain controllers with the global catalog feature enabled are referred to as global catalog servers and can perform several functions that are especially important in a multi-domain forest environment. Authentication: during an interactive domain logon, a domain controller will process…
