| Date | Title |
|---|---|
| 11/21/2024 | UAC Replacement? Understanding Windows 11's New Administrator Protection Feature |
| 11/19/2024 | Skipping the Endpoint: A Deep Dive into Using Identity as the Basis for Incident Response |
| 10/10/2024 | Assessing Your Active Directory: Group Related Risks |
| 7/25/2024 | Linux Privilege Elevation: Breaking out of Sudo with GTFOBins |
| 7/18/2024 | Assessing the Security of Your Active Directory: Privileged Account Risks and Controls |
| 7/17/2024 | IT Asset Visibility: Discovering Unknown Devices and Systems on Your Network |
| 6/18/2024 | Unpacking the Evolution of Geopolitical Cyberattack Tactics, Step-By-Step |
| 5/21/2024 | The Advantages and Limitations of MFA: A Look into Common Bypass Techniques and Security Counter Measures |
| 5/16/2024 | Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens |
| 4/25/2024 | Assessing the Security of Your Active Directory: User Accounts |
| 4/23/2024 | Unpacking a Linux Supply Chain Compromise Using the Recently Published XZ Utils Backdoor as the Example |
| 3/26/2024 | An Analysis and Live Demonstration of the Emerging Attack Vector of Malicious Extensions |
| 3/12/2024 | Risks of Identity and Credential-Based Cyber Attacks - From Cracking Passwords, Stealing Credentials, & Elevating Privileges to Full Admin |
| 2/13/2024 | Identity Attack Surface Key Weakness Analysis Redux: Shifting from On-Prem to Cloud |
| 1/25/2024 | Windows Security Log Deep Dive: Understanding Kerberos Authentication Events from Domain Controllers |
| 1/23/2024 | Patient Zero: What It Takes to Identify New EXEs Appearing on Your Network |
| 12/14/2023 | Building an Incident Response Playbook on the Fly Against Scattered Spider Lateral Movement |
| 11/15/2023 | IDAT Loader: A Malware Family First Look Deep Dive with Security Researchers That Helped Discover It |
| 10/26/2023 | Analysis of the Key Weaknesses and Exposures in the Identity Attack Surface |
| 9/28/2023 | Why SIEM is Difficult |
| 9/26/2023 | Uncovering Endpoint Compromise in Ransomware Attacks: Using Velociraptor to Investigate, Monitor, and Remediate Threat Activity |
| 8/2/2023 | Advanced Windows Security Logging with Sysinternals Sysmon 15: Tracking and Blocking PE Executable Files |
| 7/25/2023 | Stopping Attacks at the Windows Endpoint: The Lockdown Efficacy of Native Endpoint Management |
| 6/22/2023 | Beyond Active Directory: Protecting the Other 96% of Your Organization’s Passwords |
| 6/20/2023 | IOCs of Trusted Vendor Compromise: Learning from Common Attack Chain Techniques |
| 6/8/2023 | BlackLotus and the Untold Story of how UEFI Secure Boot Became a Gateway for Cyber Attacks on Millions of Servers |
| 5/18/2023 | Implementing Least Privilege in Linux – Sudo and Beyond |
| 5/10/2023 | Ultimate IT Security’s Ransomware Summit |
| 5/4/2023 | AD Password Security Deep Dive: NTLM, Kerberos, Hashing and Beyond |
| 3/23/2023 | What’s New in Kali Linux and the Latest Password Cracking Tools |
| 3/16/2023 | Breaking Down the Evolution of Ransomware Droppers Using Qakbot’s Use of OneNote as the Example |
| 3/14/2023 | A Look at Password Spraying Attacks and the Role of Weak Passwords |
| 2/21/2023 | Removing Endpoint Admin Rights from Technical Users: Stopping the Attack While Enabling the User |
| 2/2/2023 | Breakdown of a Phishing Attack: Dissecting the Uber and MailChimp Data Breaches Before and After the Inbox |
| 1/26/2023 | Surveilling Outbound DNS Queries to Disrupt Phishing and Cutting Off Malware from C&C |
| 12/13/2022 | Real-Time Analysis of Qakbot: A Detailed Look into the World’s Most Persevering Trojan |
| 12/8/2022 | Unpacking Black Basta: A Practical Look at the Newest Ransomware’s Attack Actions and Mitigations |
| 12/1/2022 | Beyond Root: How Flaws in UEFI Secure Boot Allow Remote Attackers to Run Malware Beneath the OS and Survive Clean Re-Install and Even Disk Replacement |
| 11/29/2022 | Hive Ransomware Walkthrough – from Initial Exploit and Infection to Detection and Investigation |
| 11/17/2022 | Exploring The Critical Blind Spots of Privileged Access: Service Accounts and MFA in Active Directory |
| 11/15/2022 | Privilege Escalation on Linux – Top Hacker Techniques to Get Root: Including Popular Automation Tools Such as LinEnum & LinPeas |
| 11/8/2022 | When the Bad Guy Needs More Than Just Credentials: Deep Dive Analysis of Multi-Factor Authentication Request Generation Attacks |
| 10/19/2022 | Ultimate IT Security’s Cyber Insurance Summit |
| 10/13/2022 | Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs |
| 10/6/2022 | The World Wide Web of Risk: Mitigating the Risk of Vulnerable 3rd Parties and Business Partners |
| 9/22/2022 | The Importance of Configuration Management in Your Security Program When “Everything’s Everywhere, All at Once” |
| 9/8/2022 | Implementing a Least Privilege Management Framework on Windows and macOS Devices |
| 9/6/2022 | Multi-Staged JavaScript Malware Deep Dive: Walking Through Observed Attack Behaviors of Gootloader Delivering IcedID |
| 8/18/2022 | Active Directory Password Management: Understanding the Controls, Risks and Gaps |
| 8/11/2022 | Anatomy of a Zero Day: How Follina Tricks Word Into Running Arbitrary Code Even with Macros Disabled and Despite Protected View |
| 8/4/2022 | Understanding Logon Events in the Windows Server 2022 Security Log |
| 7/28/2022 | Firmware Turns Out to Be Soft and Squishy: 5 Reasons Why Firmware Attacks are the New Front in the Cyber War |
| 7/21/2022 | Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System |
| 7/19/2022 | Detecting and Stopping Ransomware at its Most Critical Step – Lateral Movement |
| 6/30/2022 | Tier Zero: What It Is, Its Importance, Its Boundaries, and Detecting Out-of-Bounds Activity |
| 6/23/2022 | Preventing and Detecting Modern PowerShell Attacks – MITRE ATT&CK T1059.001 |
| 6/16/2022 | The Fine Art of Privilege Escalation Attacks on Windows Using winPEAS and Sherlock |
| 6/2/2022 | Using Lessons Learned from Noteworthy Vulnerabilities to Protect Your Organization Against Them |
| 5/12/2022 | Rook Ransomware Incident Lifecycle Deep Dive: Making Use of Defense-in-Depth for Early Ransomware Detection and Response |
| 5/5/2022 | Exploring the 3 Major Threat Detection Methods: Signature, Behavior, Machine Learning |
| 5/3/2022 | Hybrid AD Security: Everything to Know about Passwords in Azure and On-Prem Active Directory |
| 4/7/2022 | Identifying Benign Websites Is About to Get Harder: The Demise of the Alexa Top Million |
| 3/31/2022 | A Look at the Threat of Open Source Vulnerability Attacks Using Log4j as the Example |
| 3/29/2022 | A Real-World Look at Analysis, Detecting, and Preventing Two Types of Manual Lateral Movement in Active Directory Environments |
| 3/22/2022 | A Closer Look at Hacking Gamification and Hacking eSports Using Kali & Live Hacks of Linux and Windows |
| 3/17/2022 | A look at Cyberwarfare Actions and Detection Using HermeticWiper Malware as the Example |
| 3/10/2022 | All It Takes is One Account: Using Insecure Group Policy Objects to Demonstrate Real Attack Paths in AD |
| 3/8/2022 | Best Practices for Protecting Modern Applications and APIs Against Emerging Threats |
| 2/24/2022 | Understanding Security and Privileged Access in Azure Active Directory |
| 2/22/2022 | Banking Trojan Deep Dive: Exposing Obfuscation and Anti-Analysis Measures for Improved Detection Using Gootkit |
| 2/10/2022 | Top 5 Challenges with Scaling Out Windows Event Collection |
| 1/27/2022 | Detect When Your Domain is Phished: Top 10 Ways Attackers Mangle Your Domain Name |
| 12/16/2021 | You Can’t Protect Without Knowing What You Have: A Deep Dive into How to Leverage Complete Asset Visibility as the Foundation for Protecting Against Emerging Threats |
| 12/7/2021 | 2021 Year in Review: Using Notable Vulnerabilities from this Year to Improve your Future Vulnerability Discovery and Remediation Efforts |
| 11/30/2021 | Exposing the Insecurity of Weak Passwords… and How it Helps the Threat Actor |
| 11/11/2021 | Solarmarker, Part II: A Security Analyst’s Perspective and Live Analysis on Threat Actions Taken |
| 11/4/2021 | It’s Complicated: The Special Risks of Password Spraying to AD and Azure AD and How to Prevent and Detect |
| 11/2/2021 | Ransomware-as-a-Service Breakdown: Auditing Conti and REvil TTPs Using the MITRE ATT&CK Framework |
| 10/28/2021 | A Deep Dive into Social Engineering-Enabled Insider Threats Using Real-World Examples |
| 10/26/2021 | The Role of Encrypted Communications in Attacks as You Approach Zero Trust |
| 10/21/2021 | Live Red Team vs. Blue Team Intrusion Simulation Using Wizard Spider |
| 10/7/2021 | AnchorDNS: How TrickBot Malware Hides C2 Inside DNS Traffic and How to Turn the Tables |
| 10/5/2021 | A Security Analyst’s Deep Dive Analysis of the Solarmarker Malware Dropper |
| 9/28/2021 | Best practices for securing Active Directory and Azure AD |
| 9/16/2021 | Protecting Linux Workloads in the Cloud: A Look into Ways Threat Actors Leverage Linux… and What to do About It |
| 9/2/2021 | Improving Incident Response Communications and Decision Making with a LockBit Attack Simulation as the Example |
| 8/26/2021 | Dealing with Ransomware Dwell Time: Investigating Days and Weeks of Threat Actions |
| 8/24/2021 | Protecting Your Active Directory from Ransomware using the NIST Cyber Security Framework |
| 8/17/2021 | Detecting Lateral Movement in the Cloud Using a Live Hack: From Phishing Gmail to Exfiltrating Customer Data |
| 8/12/2021 | Minimizing Your Attack Surface Risk with Mature Vulnerability Management Using Leading Best Practices |
| 8/5/2021 | Early Warning is Your Only Hope: Detecting Ransomware Before It’s Too Late Using MITRE ATT&CK |
| 8/3/2021 | Examining DFIR Techniques to Optimize Incident Response for the PrintNightmare Attack and Cobalt Strike |
| 7/27/2021 | Detecting Cybercrime Activity with Behavioral Analytics using REvil Ransomware Attacks as the Example |
| 7/22/2021 | Understanding the Risk of Supply Chain Attacks and Open-Source Libraries… And What to Do About It |
| 7/15/2021 | Turning the Tables: Exploiting Attacker Dependence on Malicious DNS Infrastructure |
| 6/24/2021 | The Colonial Pipeline and MITRE ATT&CK Tactic TA0040: IMPACT – The adversary is trying to manipulate, interrupt, or destroy your systems and data |
| 6/15/2021 | Aligning Security Controls with Leading Cybersecurity Frameworks Using MITRE Account Manipulation / Access Control TTPs as the Example |
| 6/3/2021 | Taking an Application-Centric Approach to Attack Surface Management with a Live Demonstration Showing How to Start Assessing and Analyzing Applications for DAST Vulnerabilities |
| 6/1/2021 | Learning How to Survive DarkSide Ransomware: From Initial Discovery Through Data Recovery Using the Colonial Pipeline Attack as the Example |
| 5/25/2021 | Aligning AD Security Best Practices to the MITRE ATT&CK Framework – Identifying and Protecting Where You’re Most Vulnerable |
| 5/18/2021 | Moving Laterally to the Microsoft 365 Cloud using a Simulated Domain Trust Modification Attack |
| 5/13/2021 | How 2 Overlooked Critical Technologies Can Provide the Preventive Controls Missing from Today’s Multi-Layered Defense Needs: Privilege Management and App Control |
| 4/29/2021 | Using New Events in Sysmon v13 to Detect Sophisticated Attacks |
| 4/27/2021 | Threat Hunting with Sigma Rules: Using Logs, Alerts, and Behavior to Detect APTs & TTPs |
| 4/22/2021 | Pivoting from Linux to Windows: Using Behavior to Detect Intrusions Involving Edge Devices |
| 4/13/2021 | Hacking the Endpoint From Zero to Full Domain Administrator Using a Crylock Ransomware and Exfiltration Attack Walkthrough |
| 4/1/2021 | Top 5 Ways Attackers Disguise C&C and Exfiltration Traffic: With a Special Look at Cobalt Strike Beacon |
| 3/30/2021 | Uncovering the Threat Potential of the Insider Breaches Using Real-World Email-Based Examples and Techniques |
| 3/25/2021 | SQL Server Attack Ride-Along: Detecting and Investigating a Database Attack Using Log and Trace Data |
| 3/23/2021 | Responding to a Reported Zero Day Exploit Using the Exchange Server On-Prem Hafnium Attack as the Example |
| 3/16/2021 | Demystifying Kubernetes Vulnerabilities Layer by Layer and How it Relates to Your Risk Management Program |
| 3/11/2021 | Don’t Be a Soft Target: The Reality of Recurring Cyber Attacks |
| 3/9/2021 | Cryptography Deep Dive: Understanding Key Management Risks and Technologies |
| 3/4/2021 | Dissecting the Golden SAML Attack Used by Attackers Exploiting the SUNBURST Backdoor |
| 3/2/2021 | Gaining Root Access: Exploiting Linux Using a New Heap Overflow Vulnerability |
| 2/18/2021 | Cloud = Linux: Top 8 Steps to Securing Linux in the Cloud |
| 2/4/2021 | Detecting Malicious Activity in the Public Cloud with Network Traffic Mirroring Using AWS as the Example |
| 1/28/2021 | Implementing an Email Security Strategy Using the MITRE ATT&CK Framework |
| 1/21/2021 | Why Traditional AV is failing: A Detailed Look into Obfuscation and Evasion Techniques That Fool Traditional AV |
| 1/14/2021 | SUNBURST: A Deep Dive into the Scariest Supply Chain Attack Yet |
| 1/12/2021 | Surviving a Compromise: Developing Critical Decision-Making Skills to Survive Attacks Like Sunburst |
| 12/10/2020 | Lessons Learned from a SOC Analyst: Automating the Detection, Alerting, and Remediation of Threats such as Ryuk, Cobalt Strike and Gh0st RAT |
| 11/12/2020 | Top 10 Windows Security Log Events to Monitor to Detect Lateral Movement |
| 11/10/2020 | Lessons Learned from a Professional Pen Tester: Top OS and Application Vulnerabilities and Deficiencies Found During Penetration Testing |
| 11/5/2020 | Anatomy of Sophisticated Business Email Compromise Attacks: Beyond Simple CEO Impersonation |
| 11/3/2020 | Anatomy of a Hack: Hands-on Red Teaming with the “Zerologon” Netlogon Elevation of Privilege Vulnerability with Mimikatz Integration |
| 10/29/2020 | Detecting and Preventing AD Authentication Risks: Golden Tickets, NTLM, Pass-the-Hash and Beyond |
| 10/27/2020 | Exploring the NIST Zero Trust Architecture with Linux Privileged Access as the Application |
| 10/13/2020 | Maze Ransomware Deep Dive: Using Threat Research Reports and MITRE ATT&CK to Turn Analysis into Action with Maze as an Example |
| 10/8/2020 | Dissecting Avaddon: From the Initial Malspam and Loader through Secondary Binary and Exploring their CnC to Find Additional Attacks |
| 9/29/2020 | Top 5 Security Tasks to Automate with PowerShell |
| 9/10/2020 | Filling the Gaps in Microsoft Teams Security |
| 9/3/2020 | Next Generation Windows Event Collection: How to Instantly Load Balance WEC Collectors without Waiting for Computers to See Group Membership Changes |
| 9/1/2020 | The Gophish Toolkit: Running a Phishing Assessment Against Your Organization to Identify Technical and Social Engineering Weak Spots |
| 8/25/2020 | Top 4 Active Directory Security Issues from 2 Years of Security Assessments |
| 8/20/2020 | Keeping Pace with Ransomware Tactics and Strategies: Lessons Learned from 1 Year of Attacks by WastedLocker, Maze, Evil Corp, NetWalker, et al |
| 8/13/2020 | DNS Threat Hunting: Exploiting Your Adversaries Dependence on Domain Names |
| 8/11/2020 | Tales from the Trenches: One Red Team’s Experiences Breaking into Networks for a Living |
| 7/30/2020 | EXPLOITING F5 BIG-IP: Deconstructing This Simple but Deadly Unauthenticated Remote Code Exploit and Why It’s More Than Just an F5 Issue |
| 7/23/2020 | Threat Hunting: Real Intrusions by State-Sponsored and eCrime Groups |
| 7/9/2020 | Anatomy of an Exploit: SMBGhost/CoronaBlue – How “Chompie” Achieved Unauthenticated Remote Code Execution Despite Windows 10’s Near Perfect Address Randomization |
| 6/18/2020 | Beyond Signatures: 6 Contextual and Human Intelligence Methods for Detecting Phishing and BEC |
| 6/16/2020 | Postmortem of Two Real World Attacks: 1) Fast-moving Ransomware 2) Webshell-based Data Exfiltration |
| 6/9/2020 | Anatomy of a Hacker Group: APT29 (aka Cozy Bear) |
| 5/28/2020 | Anatomy of a Citrix Hack: S**trix. Hands-on with Understanding, Detecting and Red Teaming this Exploit |
| 5/14/2020 | Top 9 Network Security Vulnerabilities Common to the Cloud |
| 5/7/2020 | Extra Vigilance: Top 3 Ways to Adapt Your Security Log Monitoring for the Surge in Working from Home |
| 5/5/2020 | Exploring 5 Techniques from the MITRE ATT&CK Cloud Matrix Specific to O365 |
| 4/30/2020 | Reducing Your MITRE ATT&CK Surface by Denying Admin Authority |
| 4/16/2020 | Double Edged Sword: Employing and Exploiting Machine Learning and AI by Red and Blue Teams |
| 3/26/2020 | Security Log Deep Dive: Mapping Active Directory Authentication and Account Management Events to MITRE ATT&CK TTPs |
| 3/19/2020 | Top 7 Best and Worst Ways to Avoid Alert Fatigue |
| 3/17/2020 | Anatomy of a Linux Hack: Skidmap Leverages Cron Jobs, PAM, Kernel Modules, and More |
| 3/12/2020 | Passive Inventory of Security Risks, Endpoints, Applications and Cloud Usage through Network Traffic Analysis |
| 3/5/2020 | 4 Trending Phishing Techniques: Real Life Examples and Tips for Detection |
| 2/20/2020 | Case Study: 11 Real World Examples of Actual Data Compromised on the Dark Web |
| 2/13/2020 | Password Spray & Credential Stuffing: Protecting Active Directory From User Password Re-Use and Harvested Password Attacks |
| 1/30/2020 | Remediate or Re-Install? 3 Steps for Surgical Removal of Malware Using the Latest Emotet as a Subject |
| 1/28/2020 | Beyond Commodity Malware: Catching the Human Attacker Controlling a Compromised Endpoint |
| 1/23/2020 | Active Defense: 7 Ways to Seize the Initiative and Get Out in Front of Threats |
| 1/21/2020 | Top 10 Event Categories to Monitor in the Windows Server Event Log |
| 12/12/2019 | Beyond IP/Hash/Domain: Leveraging Threat Feed Metadata for Better Context and Accuracy |
| 12/10/2019 | How to Secure Privileged Session Access to Cloud-based VMs; Hint: Don’t Expose SSH/RDP to the Internet |
| 12/3/2019 | Dissection 101: Step-By-Step Static Analysis of Unknown PE files (EXE) to Recognize Malware and Assess Impact |
| 11/26/2019 | Understanding SCIM for Identity Provisioning between Clouds and… Everything |
| 11/19/2019 | Are Firewalls Dead? Not by a Long Shot - But We Need to Make Some Changes |
| 11/12/2019 | PCI and the Windows/AD Environment: Understanding the 12 Requirements of the Data Security Standard in Context |
| 11/7/2019 | Data Loss Detection: Finding Your Data on the Dark Web and Beyond |
| 11/5/2019 | Anatomy of a DNS Hijacking: The Fascinating Case of the Sea Turtle Campaign |
| 10/31/2019 | Understanding Windows Event Collection (WEC/WEF): Planning, Troubleshooting and Performance Monitoring |
| 10/24/2019 | Detecting Insider Threats in Office 365 and Hybrid AD |
| 10/22/2019 | MacOS and Security: Understanding MacOS Malware and Attacks |
| 10/10/2019 | Anatomy of an Attack: MitM into O365, defeat MFA, then Lateral Movement into On-Prem |
| 10/1/2019 | Anatomy of RDP Exploits: BlueKeep, DejaBlue, MetaSploit and the Many Lessons To Be Learned |
| 9/26/2019 | Pushing the Limits of Network Security Monitoring: 5 Real-World Scenarios |
| 9/19/2019 | Access Hoarders, Group Sprawl and Permission Creep: Cleaning up AD |
| 9/10/2019 | Exploiting Your Adversary’s Weak Spot: DNS Domain Names – A Natural Fit for SOAR |
| 9/5/2019 | Kubernetes Audit Logging: Containerized Apps are Only as Secure as the Cluster Where They Run |
| 9/3/2019 | Understanding Active Directory Authentication Events in the Windows Security Log and Beyond |
| 8/20/2019 | Cloud VMs: Understanding and Securing the Multiple Routes to Privileged Access |
| 8/15/2019 | Detecting Persistence: Top 9 Security Changes to Monitor on Windows Server |
| 8/6/2019 | Top Indicator an Application Has Been Pwnd: Starting a LOLBin |
| 8/1/2019 | Fully Mapping Your Internet Facing Attack Surface |
| 7/23/2019 | Using Honeypot Accounts and Hashes in Active Directory to Detect Pass-the-Hash & Credential Theft |
| 7/11/2019 | 5 Steps to Keeping Firewall Rules Up-to-Date and Secure |
| 7/9/2019 | Rethinking Active Directory Password Security – New Guidance from NIST Brings Long Needed Changes to Password Best Practices |
| 7/2/2019 | Auditing Active Directory Changes with the Windows Security Log |
| 6/18/2019 | Azure & O365 Audit Logging: 8 Events Across the Stack That You Want to Know When They Happen |
| 6/11/2019 | Threat Detection and Hunting for 5 of the Most Common MITRE ATT&CK Techniques: Connection Proxy, Service Execution, Exfiltration, Masquerading, Drive-by Compromise |
| 6/4/2019 | Artificial Intelligence & Machine Learning Applied to Infosec: Cutting Through the Hype by Looking at a Real-World Working Example In-Use Right Now |
| 5/30/2019 | Top 4 Most Dangerous Applications on Every Endpoint; Fighting Back with Detective and Preventive Controls |
| 5/23/2019 | Building a Resilient Logging Pipeline: Windows Event Collection Tips and Tricks for When You Are Serious About Log Collection |
| 5/21/2019 | Container Security Fundamentals: How Containers Work in Linux and Docker, How They Differ from VMs and What It Means to Security |
| 5/2/2019 | How to Prove Your Firewalls Actually Do What You Intend Using Multiple Vantage Points and Tools from Kali Linux |
| 4/30/2019 | Exploring Windows Server’s Data Classification Infrastructure to Find Private Data and Comply with GDPR, et al |
| 4/25/2019 | AD Attack Deep Dive: Gaining Persistence using DCSync and DCShadow with Mimikatz |
| 4/23/2019 | Osquery Deep Dive: Doing Low Level Analytics and Monitoring for Windows/Linux/macOS |
| 4/16/2019 | Preparing for Total Annihilation of Your Infrastructure |
| 4/11/2019 | Deciding Which Security Event Logs to Collect and How to Process Them in Your SIEM and Beyond |
| 4/9/2019 | How Modern Single Page Web Applications Break Traditional Application Vulnerability Scanning |
| 3/28/2019 | Detecting Threats in Encrypted Traffic on Your Global Network without Breaking the Law |
| 3/26/2019 | SIEM Delivery Models: Where Do Today’s Risks and Future Technology Point? |
| 3/21/2019 | Malicious Traffic: Understanding What Does and Doesn’t Belong on Your Unique Network |
| 3/19/2019 | Anatomy of a Hack: How TEMP.Mixmaster Attackers Use TrickBot and Ryuk To Poach Big Game |
| 3/14/2019 | Emotet: Dissecting the Info Stealing Trojan That Keeps Going |
| 3/12/2019 | Detecting When Attackers Use Trusted Windows Components Like cmd, powershell, wmic, mshta, regsvr32 for Malicious Operations |
| 3/7/2019 | Securing Privilege Outside the IT Department: High Value Transactions, Vulnerable Applications and Access to Critical Information |
| 2/28/2019 | 5 Steps to Comprehensively Mapping Your Attack Surface |
| 2/26/2019 | Understanding and Managing Organizational Units and Groups in Active Directory |
| 2/7/2019 | Staying Open for Business Against DDOS Attackers Requires More than Just Blocking Traffic |
| 1/29/2019 | Closing the Loop: Detecting Vulnerabilities is Great but Risk Only Decreases After Remediation |
| 12/18/2018 | Building MITRE ATT&CK Technique Detection into Your Security Monitoring Environment |
| 12/11/2018 | A Compromised Entity is Detected: 3+ Ways to Automatically Contain the Threat |
| 12/6/2018 | The Year in Review: From the Totally New Spectre & Meltdown to Pathetically Old Flash; There's Plenty to Learn from 2018 |
| 11/27/2018 | Checking your Application Against the OWASP Top 10 Security Risks |
| 11/8/2018 | Dabble or Deep Dive: 7 Different Threat Hunts You Can Do With Available Resources |
| 11/6/2018 | AWS Network Security Deep Dive: Providing Network Protection for AWS Cloud Resources |
| 11/1/2018 | Detecting Targeted Spearphishing Campaigns in the Preparation Phase |
| 10/30/2018 | Managing File Share Security on Windows Servers |
| 10/16/2018 | Top 10 Steps to Hardening Linux Systems |
| 10/11/2018 | Tracking Group Membership Changes in Active Directory |
| 10/9/2018 | Managing Local Administrator Accounts with LAPS; And Protecting LAPS from Attack |
| 10/4/2018 | Why Multi-factor Authentication Can’t Prevent Pass-the-Hash Attacks and Alternative Mitigation Methods |
| 10/2/2018 | 4 Threat Detections using Active Directory Authentication Events from the Windows Security Log |
| 9/25/2018 | Understanding How Attackers use Malicious JavaScript |
| 9/13/2018 | Which User and What Program Sent This Packet, and Should I be Concerned? Correlating Network Security Alerts with Host Logs for Full Traffic Attribution |
| 9/6/2018 | Seeing Inside Encrypted Traffic: Blocking Threats and Enforcing Policy While Preserving Security, Compliance and Performance |
| 8/30/2018 | 5 Ways to Respond Faster and Automate Security through 2-Way Integration Between SIEM and IAM |
| 8/28/2018 | Office Macro Exploitation: Mitigating and Threat Hunting This Widely Exploited Vector |
| 8/23/2018 | How Attackers Exploit the Windows Registry for Persistence, Hiding File-less Malware, Privilege Elevation and More |
| 8/21/2018 | Anatomy of a Hack: How Cryptojacking Works, Why It’s Growing, Its Risks and Detection |
| 8/16/2018 | Migrating to the Cloud? Don’t Forget Your Firewalls |
| 7/24/2018 | Using YARA to Describe, Classify and Search for Malware |
| 7/19/2018 | Understanding OneDrive for Business Security and Monitoring |
| 7/17/2018 | Correlating DHCP, DNS and Active Directory data with Network Logs for User Attribution |
| 7/12/2018 | Migrating from Shared Accounts to the Dual Account Model to Manage Risk, Enforce Accountability and Facilitate Behavior Analytics for Privileged Account Activity |
| 6/21/2018 | “Wait… That’s Not How Susan Types. Kill that Session Now!”: 8 Ways to Analyze Privileged Sessions to Identify Your Most Suspicious Activity. |
| 6/19/2018 | When Your SIEM Cries Wolf Too Many Times: Addressing Alert Fatigue with Security Automation and Orchestration (SAO) |
| 5/31/2018 | Threat Hunting with DNS Domain Names Collected from All Over Your Network |
| 5/17/2018 | Quantifying Potential Lateral Movement Exposure for Privileged Accounts in Active Directory |
| 5/10/2018 | Anatomy of an Attack: How the Bad Guys Use Certutil and MSBuild to Stay Below the Radar |
| 5/8/2018 | Identifying Abnormal Authentication: Associating Users with Workstations and Detecting When Users (Try to) Logon to Someone Else’s Workstation |
| 5/3/2018 | Linux Security Deep Dive: How LD_PRELOAD Makes It Possible to Audit and Control Root Users |
| 5/1/2018 | Top 8 Factors to Analyze to Determine the Real Risk of a Vulnerability: CVSS Score Is Only the Beginning |
| 4/26/2018 | Anatomy of an Attack: How Password Spraying Exploits Weak Passwords So Effectively |
| 4/19/2018 | 5 Ways to Use System Status, Availability and Performance Data to Enhance Security Monitoring |
| 4/12/2018 | 3 Ambiguities in One Simple Rule: How to Stop Writing Firewall Rules and Start Controlling Network Security Based on Your Actual Intent |
| 4/4/2018 | Understanding Alternative Technologies for SMB Fail-Over Disaster Recovery for On-Prem Servers |
| 3/29/2018 | Top 3 Workstation Logs to Monitor for Early Detection of Attacks: Security Log, PowerShell, Sysmon |
| 3/27/2018 | Top Windows Security Log Events for User Behavior Analysis |
| 3/22/2018 | What’s New in SQL Server Audit Logging: SQL Server 2016 SP1, 2017, Linux and Azure |
| 3/13/2018 | Using VirusTotal for More than Simple AV Checks: How to Leverage Their Big Data to Threat Hunt in Your Network |
| 3/8/2018 | How to do Logon Session Auditing with the Windows Security Log |
| 2/27/2018 | Shortening the Risk Window of Unpatched Vulnerabilities |
| 2/20/2018 | Anatomy of 3 DDoS Attacks: Volumetric, Network, Application |
| 2/15/2018 | Detect and Monitor Threats to your Executive Mailboxes with Exchange Mailbox Auditing |
| 2/13/2018 | Network Segmentation: Implement Roadblocks on the Attack Surface, Stop Malicious Spread |
| 2/8/2018 | Integrating Linux with Active Directory for Users, Groups, Kerberos Authentication, and even Group Policy |
| 2/6/2018 | Understanding Spectre and Meltdown: The Facts, How to Mitigate, Where We Go from Here |
| 2/1/2018 | How to Analyze Logon Attacks with the Windows Security Logs |
| 1/30/2018 | Top 12 Events to Monitor in the Windows Server Security Log |
| 1/25/2018 | How the NIST Cybersecurity Framework Works: Tiers, Profiles, Functions and Categories |
| 1/18/2018 | Using File Integrity Monitoring to Catch Imposter EXE/DLL Replacements and Tampering – Without the Noise |
| 1/11/2018 | Top 7 Indicators a Domain is Malicious |
| 1/9/2018 | Where to Protect Privileged Sessions with MFA: 1) Direct Integration, 2) at Privileged Access Management, 3) at Federated SSO/CASB or 4) with NGFW Reverse Proxy? |
| 12/7/2017 | Using Message Tracking Logs from Office 365 to Detect and Respond to Phishing Attacks |
| 12/6/2017 | 6 Ways to Evaluate Firewall Change Requests to Ensure Security and Compliance and Prevent Risk Creep |
| 12/5/2017 | Pre-empting Mimikatz Attacks on Privileged Accounts Using Password Isolation Human Presence MFA |
| 11/14/2017 | Building a Secure Hosting Environment for Red Forest Domain Controllers |
| 11/9/2017 | 6 Steps for Firewall Assessment for Compliance and Security |
| 11/2/2017 | Preparing for the Disgruntled Privileged User: 3+ Ways They Can Hose Your Environment in Minutes |
| 11/1/2017 | Integrating Identity and Authentication Events to Improve SIEM Threat Detection |
| 10/31/2017 | Connecting the Dots Between Indicators of Compromise to See the Whole Attack |
| 10/26/2017 | Admin/Admin and Other Signs You’re Headed for an “Equifiasco” |
| 10/24/2017 | DNS Deep Dive: How Attackers Use DNS to Find C2 Servers, Control Compromised Systems, and Exfiltrate Your Data |
| 10/19/2017 | ArcSight’s WUC and WiNC with Native Windows Event Collection: How to Get Events into ArcSight Without the Pain |
| 10/17/2017 | 3-Dimensional Security Monitoring for Azure Virtual Machines in the Cloud: Auditing the Control, Data and Windows Planes |
| 10/12/2017 | 10+ Up-To-Date Ways to Harden Windows Against Modern Active Directory Attacks |
| 10/5/2017 | Monitoring Privileged Accounts with the Windows Security Log to Catch Lateral Movement by Mimikatz and other Credential Harvesting |
| 9/28/2017 | 3 Modern Active Directory Attack Scenarios and How to Detect Them |
| 9/26/2017 | Linux Security: Top Files and Directories to Monitor in Linux to Catch Attackers |
| 9/21/2017 | How Hybrid Clouds Connect to Your Network; Understanding and Mitigating the Risks of VPN-to-Cloud and Cloud Application Gateways |
| 9/19/2017 | Top 5 Ways for Analyzing Entitlements and Identifying High-Risk |
| 9/14/2017 | Tracking Access, Sharing and Administration of Files in SharePoint Online and OneDrive for Business |
| 9/7/2017 | XPath Deep Dive: Building Advanced Filters for Windows Event Collection |
| 8/31/2017 | Profiling Your Attacker: How to Take a Single Domain or IP and Map Out the Infrastructure of a Bad Actor |
| 8/29/2017 | WSUS vs. SCCM: Which is the best way to go for security patching? |
| 8/24/2017 | Regulating Privileged Access: When to Require Human Approval Workflows |
| 8/23/2017 | Getting all Your Security Information Into One Place and Searching It Like Google |
| 8/22/2017 | Correlating Vulnerability Scans with Network Path Analysis to Find and Remediate the Biggest Risks to Your Network and Avoid Wasting Time on the Little Ones |
| 8/17/2017 | QRadar WinCollect and Native Windows Event Collection: How to Do It Right, Filter the Noise and Simplify your Infrastructure |
| 8/15/2017 | Understanding Azure Log Integration (AzLog): Microsoft’s New Tool for Bringing Azure Visibility to Your SIEM |
| 8/3/2017 | Ransomware: Attack Methods Being Used to Evade Antivirus and Next Gen Firewalls |
| 7/27/2017 | Something Worse Than Ransomware: Architecting for a New Breed of Malware that Simply Destroys |
| 7/20/2017 | Understanding Office 365 Logon Events to Catch Intrusion Attempts |
| 7/13/2017 | Forget Recovering from Ransomware; Modern Backup Technology can Detect Ransomware |
| 6/29/2017 | How RSA SecurID® Access Blends Dynamic Risk Analytics, UX and Flexibility to Make Strong Authentication More Convenient |
| 6/27/2017 | How to Secure Group Policy, Detect Unauthorized Changes, Prevent Configuration Disasters and Recover When Necessary |
| 6/22/2017 | My Roadmap for Helping You Monitor Workstations for Early Detection of APTs and Ransomware |
| 6/6/2017 | Top 5 Risks of “Dirty” Firewalls |
| 5/30/2017 | How to Monitor Active Directory Changes for Free: Using Splunk Free, Supercharger Free and My New Splunk App |
| 5/25/2017 | Non-Malware Attacks: How to Speed Up Your SOC by detecting and responding to “File-less” attacks on Endpoints |
| 5/23/2017 | Using Sysmon v6.01 to Really See What’s Happening on Endpoints; It’s Better than the Windows Security Log |
| 5/18/2017 | Top 6 Active Directory Infrastructure Risk Findings |
| 5/16/2017 | LogRhythm and Native Windows Event Forwarding: How to Do It Right, Filter the Noise and Simplify your Infrastructure |
| 5/11/2017 | Understanding Proxy-Based Privileged Password/Session Management |
| 4/27/2017 | Step-By-Step Incident Response for Top 3 Security Scenarios |
| 4/25/2017 | Integrating Splunk with native Windows Event Collection (WEC) and Optional 2-Stage Noise Filtering |
| 4/20/2017 | How to Detect 2 Computers on Your Network Talking to Each Other for the First Time and Why It Matters |
| 4/18/2017 | Protecting Active Directory from Malicious and Accidental Destruction: When Recycle Bin Isn’t Enough |
| 4/13/2017 | Implementing WSUS to Deploy Microsoft, 3rd Party and Custom Patches across Your Enterprise |
| 3/30/2017 | Bridging the Gap between Cloud 2-Factor Authentication and On-Premise Resources using RADIUS |
| 3/23/2017 | Detecting Unauthorized Changes Originating in Azure Active Directory and Limiting Impact to On-Prem AD |
| 3/21/2017 | Managing Large Windows Event Collection Implementations: Load Balancing Across Multiple Collectors |
| 3/16/2017 | Detecting Lateral Movement with New Events in the Windows Server 2016 Security Log |
| 3/9/2017 | Systematically Identifying Absolutely Every Privileged User and Detecting New Ones |
| 2/28/2017 | Building the Ultimate Active Directory Domain Controller Security Environment |
| 2/23/2017 | It’s Time to Unleash the Power of Native Windows Event Collection |
| 2/21/2017 | Malicious or Innocent: How to Investigate Account Lockouts in the Active Directory Environment |
| 2/16/2017 | Understanding Security and Privileged Access in Azure Active Directory |
| 2/9/2017 | PowerShell Empire is the Proof that We Need to Prevent Attacks Instead of Just Searching for Malware |
|
2/7/2017 |
Top 6 Findings in 2016 from Analyzing Firewalls, Email Security Appliances, Endpoints, Honeypots and Multiple Sandbox Engines
|
1/31/2017 |
Solid State Drives (SSD) Secure Data Removal Deep Dive: What it Takes to Really Make the Data Go Away
|
1/24/2017 |
Configuring Linux and Macs to Use Active Directory for Users, Groups, Kerberos Authentication and even Group Policy
|
1/12/2017 |
Understanding “Red Forest”: The 3-Tier Enhanced Security Admin Environment (ESAE) and Alternative Ways to Protect Privileged Credentials
|
12/14/2016 |
The San Fran Muni Ransomware Attack: What Really Happened and What We Learn from the Criminal Who Himself Got Hacked
|
12/8/2016 |
Locking Down Linux: AppArmor vs SELinux
|
12/6/2016 |
How to Detect Unauthorized Queries Against Sensitive SQL Databases without all the Noise of the Trusted Application
|
11/30/2016 |
Good Linux Security Needs File Integrity Monitoring
|
11/17/2016 |
Monitoring changes and access events in AD and Azure AD. What is similar and what is different? How do synchronization and federation play in?
|
11/15/2016 |
How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online
|
11/3/2016 |
Monitoring Active Directory Changes for Compliance: Top 32 Security Events IDs to Watch and What They Mean
|
11/1/2016 |
Deploying Honeynets Outside and Inside Your Network and Integration with Your SIEM
|
10/27/2016 |
14 Group Policy Security Risks and How to Control them
|
10/25/2016 |
Understanding Office 365 Unified Audit Logging
|
10/20/2016 |
How to Detect SQL Server Hacking without Crippling Performance or Impacting Availability
|
10/13/2016 |
Leveraging SCCM to Manage the Security of Your Endpoints
|
9/28/2016 |
Centralizing Sudo Management for Securing Linux and UNIX
|
9/27/2016 |
How Sandboxes Detonate-to-Detect Malware and How Malware Evades Sandboxes
|
9/20/2016 |
25 User Behavior Analytics that Indicate Malicious Insider or Compromised Account
|
9/15/2016 |
Coping with the Challenges of Exchange Mailbox Auditing
|
9/8/2016 |
When and Why Encryption Doesn’t Protect Your Data Against Malware
|
8/30/2016 |
How to Monitor File Access to Detect Any Ransomware – “Look Ma, No Signatures!”
|
8/25/2016 |
Why Best Practices like RunAs and 2-Accounts Don’t Protect Admin Accounts Against Modern Endpoint Threats
|
8/16/2016 |
Top 8 Things to Analyze in Outbound Packets to Detect Compromised Systems
|
7/28/2016 |
How the SWIFT Hack Went Down and How to Benefit from the Lessons Learned
|
7/26/2016 |
SIEM Integration with SharePoint: Monitoring Access to the Sensitive Unstructured Data in SharePoint
|
7/21/2016 |
Top 7 Ways to Protect Admin Passwords from Theft via Pass-the-Hash and Other Attacks
|
7/19/2016 |
Implementing Win 2012 R2 Authentication Silos and the Protected Users Group to Protect Privileged Accounts from Modern Attacks
|
7/14/2016 |
Filling the Gaps in Active Directory Monitoring
|
6/28/2016 |
Getting Control of Employee Web Access with Proxy Server and Next Generation Firewall Technologies
|
6/9/2016 |
Designing a Multi-layered Active Directory Security Infrastructure
|
6/2/2016 |
Top 8 Security Features in Skylake PCs
|
5/26/2016 |
DNS Security: How to Detect Compromised Endpoints by Analyzing DNS Activity from Your DNS Server Logs and Network Activity
|
5/12/2016 |
Leveraging your SIEM to Catch and Respond to Ransomware Before It Spreads
|
4/28/2016 |
What One Digital Forensics Expert Found On Hundreds of Hard Drives, iPhones and Android Devices
|
4/25/2016 |
Enterprise Targeted Ransomware is Just Getting Started: Here’s How to Get Ahead of the Curve
|
4/21/2016 |
Doing Multi-Factor Authentication Right the First Time: 8 Technical Requirements
|
4/19/2016 |
Monitoring Group Membership Changes in Active Directory
|
4/14/2016 |
Auditing Permission Changes on Windows File Servers and NAS Filers
|
3/31/2016 |
Understanding OpenID Connect and OAuth v2.0: How They Work and How to be Secure
|
3/24/2016 |
6 Steps to Determine if an Unknown Program is Safe or Malicious
|
3/15/2016 |
Hybrid Directory Governance: Understanding How Security Works in a Hybrid Active Directory Environment of On-Premises AD / Azure AD and Office 365
|
3/10/2016 |
Decommissioned Hard Drives: How To KNOW your Data is Destroyed without Creating Toxic Waste or High Cost
|
3/3/2016 |
Defending the Top 8 Most Targeted Applications on Windows Endpoints
|
3/1/2016 |
Who’s Attacking Your Database? Monitoring Authentication and Logon Failures in SQL Server
|
2/25/2016 |
Extending the Kill Chain with lateral movement on 5 Windows Systems Using Multiple Intrusion Techniques
|
2/16/2016 |
PowerShell Audit Logging Deep Dive: Catch Intruders Living off the Land and Enforce Privileged User Accountability
|
2/3/2016 |
Protecting Mac OS X from Privilege Elevation Attacks and Related Endpoint Security Risks
|
1/21/2016 |
Severing the Horizontal Kill Chain: Using Micro-Segmentation in Your Virtualization Infrastructure to Prevent Attackers from Jumping from VM to VM
|
1/19/2016 |
How One Organization Brought 800 Desktops into Compliance while Eliminating Overtime, Downtime and Staff Expansion
|
1/12/2016 |
What Have We Learned from Recent Breaches: 8 Lessons to Take to Heart
|
12/17/2015 |
2015 UltimateWindowsSecurity.com Community Survey Highlights
|
12/15/2015 |
Implementing Windows AppLocker in Audit Mode for Immediate Detection of Unauthorized Programs, Scripts and Software Installation
|
12/10/2015 |
Understanding Mobile Device Management: iOS and Android, BYOD and Company-Owned
|
12/8/2015 |
3 Authentication Scenarios that Demonstrate Why Federation Really is Safer
|
12/3/2015 |
Detect and monitor threats to your executive mailboxes with Exchange mailbox auditing
|
12/1/2015 |
Deep Packet Inspection for SSL: How to Defeat Intruders Hiding their Communications Inside Encrypted Channels
|
11/19/2015 |
Monitoring What Your Privileged Users are doing on Linux and UNIX
|
11/17/2015 |
Windows BitLocker Encryption Deep Dive: How it Works and How to Fulfill Enterprise Management and Compliance Requirements
|
11/12/2015 |
Dealing with the Drudgery of Patching Java and Mitigating the Risks of Java
|
11/4/2015 |
Hardening Windows Endpoints with Standards-based Configuration Management: USGCB vs CIS Benchmarks and Beyond
|
11/3/2015 |
What’s New in the Windows 10 Security Log
|
10/29/2015 |
Understanding the NIST Cybersecurity Framework: Different, Scalable and Practical
|
10/27/2015 |
PowerShell Attack Scenarios: How Attackers Do It and How to Detect
|
10/20/2015 |
Exploring the New FTP Security Enhancements in IIS
|
10/15/2015 |
Ransomware Deconstructed: Beyond CryptoLocker and into the World of Crowdsourced Malware
|
10/14/2015 |
Top 12 Workstation Security Controls
|
10/8/2015 |
5 Indicators of Evil on Windows Hosts using Endpoint Threat Detection and Response
|
10/1/2015 |
Live Hacking: Recovering Confidential Data from a Re-Formatted Hard Drive; How to Really Erase Data
|
9/29/2015 |
Understanding Identity and Access Management Compliance Requirements for PCI, HIPAA, SOX and ISO 27001
|
9/17/2015 |
Detecting New Programs and Modifications to Executable Files with Windows File Access Auditing and File Integrity Monitoring
|
9/15/2015 |
Windows 10 Device Guard Deep Dive: Using Code Integrity to Stop Mal-Agents
|
9/10/2015 |
Top 12 Most Damaging Active Directory Security Malpractices
|
9/8/2015 |
Using Capture the Flag and Security Simulations to Improve Response Time, Hone Skills and Find Vulnerabilities
|
8/27/2015 |
How to sudo it right in Linux and Unix for security, manageability, compliance and accountability
|
8/25/2015 |
Prioritizing the SANS 20 Critical Security Controls to Solve Endpoint Security Risks
|
8/18/2015 |
Monitoring Privileged Access on SQL Server
|
8/13/2015 |
Stopping Exfiltration of Files without Stopping the Flow of Business
|
7/30/2015 |
Anatomy of a Hack Disrupted: How One SIEM’s Out-of-the-Box Rules Caught an Intrusion and Beyond
|
7/28/2015 |
Under the Hood with Windows 10 Security
|
7/23/2015 |
No Account Left Behind: Cleaning up users accounts and reducing risk
|
7/21/2015 |
Beyond Root: Securing Privileged Access in Linux with Sudo
|
7/16/2015 |
Using Splunk and LOGbinder to Monitor SQL Server, SharePoint and Exchange Audit Events
|
7/14/2015 |
Fixing One of the Weakest Links in Security: Insecure File Transfers between Systems
|
6/30/2015 |
Top 10 Indicators of Tampering with Privileged Accounts
|
6/11/2015 |
Monitoring Security Logs from VMWare vCenter and ESXi
|
6/4/2015 |
Top 10 Tasks to Automate in Active Directory to Save Time, Prove Compliance and Ensure Security
|
5/28/2015 |
Windows Security Log Deep Dive: Understanding Kerberos Authentication Events from Domain Controllers
|
5/7/2015 |
2 Factor, SSO, Federation and Cloud Identity are Awesome but it’s all for Naught if You Leave this One Backdoor Open
|
5/5/2015 |
Protecting AD Domain Admins with Logon Restrictions and Windows Security Log
|
4/30/2015 |
Protecting Active Directory from Malicious and Accidental Destruction: When Recycle Bin Isn’t Enough
|
4/28/2015 |
SharePoint Defense-In-Depth Monitoring: What to Watch at the App, DB and OS Level – and How?
|
4/16/2015 |
Understanding Privileged User Compliance Requirements for PCI, HIPAA, SOX and ISO 27001
|
4/7/2015 |
Protecting FTP Servers Exposed to the Internet
|
3/26/2015 |
Protecting Web and Cloud Apps with Dynamic Controls: IP Restrictions, Tokens, Authenticator Apps, SMS Messages and More
|
3/24/2015 |
Rev Up Your SIEM with These Top 8 High Value Security Event Sources
|
3/5/2015 |
Patching Acrobat and Adobe Reader with System Center Configuration Manager
|
2/26/2015 |
How to Use EmergingThreats.net and other Threat Intelligence Feeds with Your SIEM
|
2/24/2015 |
Anatomy of a Data Breach: Tracing a Case of Unauthorized File Access with the Windows Security Log
|
2/19/2015 |
Eliminating FTP: Securing File Transfers with Secure Shell for Encryption and Compliance
|
2/10/2015 |
Solving Windows 2003 End of Life Security Risks: Migration Strategies and Compensating Controls for Beyond July 14, 2015
|
1/29/2015 |
Managing Mailbox Audit Policy in Exchange 2013
|
12/16/2014 |
Pre-empting Pass-the-Hash Attacks on Windows Systems
|
12/11/2014 |
How to Monitor Network Activity with the Windows Security & Firewall Logs to Detect Inbound and Outbound Attacks
|
12/9/2014 |
Setting up Internal Linux and Windows Honeypots to Catch Intruders
|
11/18/2014 |
Shellshock 101: What is Bash? How do Shellshock attacks work? Where are you still vulnerable? How to fix?
|
11/13/2014 |
Addressing the Risk of Unpatched Virtual Machines: Live, Offline and Template
|
11/6/2014 |
Early Detection: Monitoring Mobile and Remote Workstations in Real-Time with the Windows Security Log
|
10/16/2014 |
Not Monitoring SQL Server with Your SIEM is Close to Negligent: What are Your Options?
|
10/9/2014 |
Spotting the Adversary with Windows Event Log Monitoring: An Analysis of NSA Guidance
|
9/18/2014 |
Correlating Tactical Threat Data Feeds with Security Logs for More Intelligent Monitoring
|
8/28/2014 |
How to do Logon Session Auditing with the Windows Security Log
|
8/21/2014 |
Catching Web Based Attacks with W3C Logs from IIS and Apache
|
8/19/2014 |
Using System Center Configuration Manager 2012 R2 to Patch Linux, UNIX and Macs
|
7/14/2014 |
Windows Security Log File Access Auditing Deep Dive
|
6/17/2014 |
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
|
6/10/2014 |
Specific Security Monitoring Lessons Learned from: Target, Nieman Marcus, Sony and other breaches
|
6/5/2014 |
Exploring Win2008/2012’s Windows Event Collection Service
|
6/3/2014 |
Detecting Information Grabs of Confidential Documents in SharePoint
|
5/22/2014 |
5 Ways to Protect XP beyond End-of-Life 0-Day Exploits: EMET, DEP, Attack Surface Reduction and more
|
5/20/2014 |
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS
|
5/15/2014 |
Getting Control of Linux/Unix with Sudo and AD Integration
|
5/13/2014 |
Using Regex to Find Sensitive Data on Your Network
|
4/22/2014 |
7 Steps to Implementing Information Owners Over Unstructured Data
|
4/8/2014 |
Windows 2003 End of Life: Top 8 Reasons to Start Planning NOW
|
3/27/2014 |
5 Real World Scenarios for Correlating Host and Network Events to Catch Violations and Intrusions
|
3/19/2014 |
Careto: Unmasking a New Level in APT-ware
|
3/18/2014 |
Eliminating Permanent Privileged Authority: Making the Switch to Just-In-Time Access
|
3/4/2014 |
Application Security Intelligence: The Next Frontier in Security Analytics - Bridge the Gap between Applications and SIEM
|
2/20/2014 |
Preparing for the Inevitable: How to Limit the Damage from a Data Breach by Planning Ahead
|
2/18/2014 |
Data and Access Governance: Top 6 Areas to Make Sure Are Covered
|
2/13/2014 |
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and the Cloud
|
2/11/2014 |
Top 10 Security Changes to Monitor in the Windows Security Log
|
1/30/2014 |
How to Extend Secure SharePoint Access to Consultants, Customers, Vendors and Business Partners
|
1/23/2014 |
Stopping APTs with One-Time Passwords
|
1/21/2014 |
Analyzing Logon Failures in the Windows Security Log
|
1/9/2014 |
Getting Unstructured Data Under Control for Security and Compliance
|
11/7/2013 |
Adobe Hacked Again: What Does It Mean for You?
|
10/30/2013 |
Support for Windows XP is Shutting Down for Good: Stay Secure Beyond the End of Life
|
10/10/2013 |
Daily Security Log Check for the SMB IT Admin
|
9/19/2013 |
Real World Defense Strategies for Targeted Endpoint Threats
|
9/18/2013 |
Bridging the Gap between Network and Endpoint Security
|
7/18/2013 |
Java Insecurity: How to Deal with the Constant Vulnerabilities
|
6/25/2013 |
Tracking an End-User’s Activities through the Windows Security Log and Other Audit Logs
|
6/19/2013 |
Implementing ADFS for Single-Sign On to Office 365: Must It Be So Complex?
|
6/18/2013 |
Top 6 Security Events to Monitor in SQL Server
|
6/12/2013 |
APT Confidential: 14 Lessons Learned from Real Attacks
|
5/16/2013 |
Protecting Local Admin Authority on Windows Servers
|
5/9/2013 |
Detecting Non-Owner Mailbox Access with Exchange Mailbox Auditing
|
4/18/2013 |
Windows Server 2012 Auditing Deep Dive: Claims, Dynamic Access Control, Centralized Permissions
|
4/16/2013 |
Reflective Memory Attacks Deep Dive: How They Work; Why They’re Hard to Detect
|
3/5/2013 |
Top 9 Mistakes of APT Victims: What They Are and What You Can Do To Prevent Them
|
2/20/2013 |
Bit by Bit Analysis of a Java Zero Day Exploit: Methods and Lessons Learned
|
1/29/2013 |
WSUS for Secure Patching: Top Tips, Tricks and Scripts for Overcoming Limitations and Challenges
|
1/24/2013 |
Office 365 Security: Leveraging Active Directory and Integrating with Other Clouds
|
1/15/2013 |
File Access Auditing in Windows Server 2012
|
1/9/2013 |
My Rosetta Audit Logging Kits for ArcSight are Here
|
12/11/2012 |
Will the Collision of Cloud and BYOD Destroy Everything You’ve Worked for In Active Directory?
|
12/4/2012 |
Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today’s Attackers
|
11/29/2012 |
Linking Logon to Logoff and Everything in Between with the Windows Security Log
|
11/14/2012 |
Windows 8 Is Coming to a BYOD Near You: Are the New Security Features Enough?
|
10/3/2012 |
Code Signing Debacle 2.0: A Hacked Adobe Server and Its Impact on Us All
|
9/28/2012 |
UNIX/Linux/Mac Integration with Active Directory: Understanding the 5 Possible End States
|
9/27/2012 |
Using Logs to Deal With the Realities of Mobile Device Security and BYOD
|
9/19/2012 |
10 Steps to Cleaning Up Active Directory User Accounts and Keeping Them that Way
|
9/18/2012 |
Stopping the Adobe, Apple and Java Software Updater Insanity
|
7/24/2012 |
Dousing the Flame: How This Tom Clancy-Esque Attack Worked and What Should You Really Do to Protect Against It
|
5/15/2012 |
Understanding Exchange 2010 Audit Logging
|
5/1/2012 |
Endpoint Security Compliance: Top 11 Questions Auditors Ask
|
4/25/2012 |
Auditing SharePoint Activity for Compliance and Security
|
3/21/2012 |
Beyond Compliance: Combating Threats with Workstation Configuration Management
|
2/23/2012 |
Implementing Virtual Security Cameras to Protect Privileged Access and Enforce Accountability
|
1/31/2012 |
BitLocker Drive Encryption: How it Works and How it Compares
|
11/15/2011 |
Securing Sensitive Content in SharePoint Sites: What You Need to Know Now
|
11/3/2011 |
Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs
|
11/1/2011 |
Practical Steps For Integrating and Managing Endpoint Security
|
8/24/2011 |
Understanding Logon Events in the Windows Security Log
|
8/4/2011 |
Top 10 VMWare Security Events You Should Be Monitoring
|
8/3/2011 |
Windows 7 AppLocker: Understanding its Capabilities and Limitations
|
7/27/2011 |
Active Directory for IT Auditors: Where Does Group Policy Fit In?
|
6/16/2011 |
Active Directory for IT Auditors: Understanding Domain Controller Security Issues
|
5/18/2011 |
Monitoring Access to Confidential Information in SharePoint
|
5/12/2011 |
Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware
|
4/28/2011 |
SharePoint: What's Going on Behind the Curtain?
|
4/14/2011 |
Beyond Auditing: How to Implement Preventive Controls over Powerful Users with Privileged Account Management
|
4/13/2011 |
Active Directory for IT Auditors: Documenting and Analyzing User Accounts
|
3/23/2011 |
Implement Best Practice, Compliant Log Management and Monitoring with Your Existing Log Management/SEM Solution
|
3/18/2011 |
Downsizing Domain Admins: How to Delegate 9 Common Admin Tasks
|
3/16/2011 |
Managing Access Control in SharePoint 2010
|
3/2/2011 |
Active Directory for IT Auditors: What Changes between Windows 2003 and 2008?
|
2/3/2011 |
Endpoint Device Control in Windows 7 and Beyond
|
12/2/2010 |
5 Real World Ways to Use Anomaly Detection with Security Logs
|
11/11/2010 |
Auditing IIS with the Windows Security Log
|
10/26/2010 |
Beyond Windows Patching: Dealing with the New Imperative to Patch Adobe, Apple, Linux and More
|
10/14/2010 |
Building a Security Dashboard for Your Senior Executives
|
6/30/2010 |
Taming SharePoint Audit Logs with LOGbinder SP and EventTracker
|
6/23/2010 |
Top 5 Daily Reports for Monitoring Windows Servers
|
6/17/2010 |
Finding Dormant User Accounts in Active Directory
|
5/26/2010 |
Getting Out of the Way of Green Initiatives: Power Management Joins Patch Management
|
5/6/2010 |
Configuring Windows Audit Policy to Minimize Noise: Provide Compliance, Support Forensics and Detect Intrusions
|
3/4/2010 |
Security Log Exposed: Auditing Changes, Deletions and Creations in Active Directory
|
2/4/2010 |
Insider Gone Bad: Tracking Their Steps and Building Your Case with the Security Log
|
12/10/2009 |
Endpoint Security's Unseen Risk: Users with Admin Authority
|
11/17/2009 |
11 Ways to Detect System Intrusions with the Security Log
|
10/27/2009 |
Audit Collection Services: Ready for Prime Time?
|
10/1/2009 |
Security Log Exposed: What is the Difference Between “Account Logon” and “Logon/Logoff” Events?
|
9/30/2009 |
Monitoring Active Directory for Security and Compliance: How Far Does the Native Audit Log Take You?
|
9/24/2009 |
Exploring the SharePoint Audit Log
|
9/16/2009 |
Top 5 Misconceptions about Endpoint Data Security
|
8/18/2009 |
Top 5 Goals for Effectively Using Log Management
|
8/13/2009 |
Using Active Directory’s Delegation of Control and Auditing to Streamline Security and Access Management
|
7/23/2009 |
Using Windows Server 2008's New Log Management Features: Archival, Forwarding, Views and Triggers
|
7/15/2009 |
Integrating Unix/Linux Identity and Authentication into Active Directory
|
6/23/2009 |
Root Access: Protecting and Ensuring Accountability in Unix and Linux
|
6/16/2009 |
Quantifying the Cost of Log Management: Making a Good Decision Security and Business-wise
|
5/21/2009 |
Strong Authentication on a Budget: Leveraging Industry Standards and your Existing Technology Investments
|
5/14/2009 |
Top 9 Ways to Detect Insider Abuse with the Security Log
|
5/13/2009 |
Addressing the 8 Worst Areas for Risk and Cost in Active Directory Identity Management
|
3/19/2009 |
Leveraging the XP and Vista Security Logs to Ensure Workstation Security and Compliance
|
2/5/2009 |
SharePoint Security: Managing, Auditing, and Monitoring
|
1/20/2009 |
Anatomy of a Hack: Tracking an Intruder with Security Logs
|
12/10/2008 |
Active Directory: Answering Who Has Access to What?
|
11/13/2008 |
Assessing the Risk of Trust Relationships in Active Directory
|
10/29/2008 |
Auditing File Access with the Windows Server 2008 Security Log: The Good, Bad and Ugly
|
10/18/2008 |
Eliminating Admin Rights on Workstations and Laptops: Avoiding the Pitfalls and Making it Work in the Real World
|
10/1/2008 |
Understanding Active Directory Structure and How It Makes Auditing AD Different
|
9/25/2008 |
Auditing Unauthorized, Unrecognized Software
|
9/4/2008 |
Active Directory Audit: Factoring in Integration with Other Applications, Databases and Platforms
|
8/7/2008 |
Auditing the Windows/Active Directory Environment
|
7/24/2008 |
Top 12 Security Events To Monitor on Member Servers
|
6/19/2008 |
Understanding Authentication Events in the Windows 2003 and 2008 Security Logs
|
5/20/2008 |
Monitoring Access Changes with the Windows 2008 and 2003 Security Logs
|
4/24/2008 |
Advanced Security Log Monitoring through Multi-Event Correlation
|
2/28/2008 |
Vista's User Account Control and Beyond
|
12/20/2007 |
Auditing Program Execution with the Security Log
|