Latest articles
Our Version 1.0 List of Penetration Testing Resources
Oct 15, 2015
I barely scratched the surface of penetration testing in my own blogging, and I’ve already amassed a long list of resources. So rather than withhold any longer, I’ll spill the...
Interview with Pen Testing Expert Ed Skoudis
Oct 13, 2015
We’re very excited to present this Q&A with Ed Skoudis. Skoudis is a very large presence in the security world. Here’s just a snippet from his lengthy bio: founder of...
Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells
Oct 08, 2015
Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT. Don’t call security, I did this in a contained environment within virtual machines....
Penetration Testing Explained, Part II: RATs!
Sep 30, 2015
Remote Access Trojans or RATs are vintage backdoor malware. Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you...
Penetration Testing Explained, Part I: Risky Business
Sep 23, 2015
In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment. You can find this requirement in HIPAA, PCI DSS, EU GDPR,…
Active Directory Security Best Practices
Sep 21, 2015
Active Directory Security should be a top priority of any organization. Read on to learn why AD is so important and how to protect yourself from cyber attacks.
Five Things You Need to Know About the Proposed EU General Data Protection Regulation
Sep 16, 2015
European regulators are serious about data protection reform. They’re inches away from finalizing the General Data Protection Regulation (GDPR), which is a rewrite of the existing rules of the road...
Windows 10 Authentication: The End of Pass the Hash?
Sep 01, 2015
It gets gnarly, but the LSASS address space is now really, really separated from other user processes so that apps like Mimikatz can’t peek into it.
Why Law Firms Should Care About Data Security
Aug 14, 2015
An alarming 70% of large firm attorneys do not know if their firm has been breached, according to a recent American Bar Association (ABA) survey conducted by the ABA’s Legal...
What is User Behavior Analytics?
Jul 21, 2015
There’s nothing new in using analytics in data protection or breach prevention. Firewalls, for example, analyze packet contents and other metadata, such as IP addresses, to detect and block attackers...
How Varonis Helps with PCI DSS 3.1
Jun 26, 2015
The Payment Card Industry Data Security Standard (PCI-DSS) 3.1 is a set of regulations that govern how organizations manage credit card and other cardholder data. Many security professionals advocate that...
Difference Between Organizational Units and Active Directory Groups
Jun 25, 2015
Active Directory loves hierarchy. Domains, Organizational Units, groups, users, etc. Sometimes it can be confusing—how do I best structure my AD?