Featured content

In December of 2016, a researcher approached credit card reporting agency Equifax with a simple message: Your website is vulnerable to a cyber attack. The company did nothing to patch the flaw. They were breached six months later, in May of 2017, with hackers stealing the sensitive data of 145.5 million Americans.

Back when I was pen testing with the wonderful PowerView, I was using it to pull user information from Active Directory. At the time I was more interested in gathering group membership and then using that info to hop around a network. Anyway, AD contains sensitive data about employees, some of which really should not be available to everyone in the organization. In fact, there is an equivalent to the “everyone” problem in Windows file systems for Active Directory that can also be exploited by insiders and outsiders alike.

As I wrote in another post, HR records are considered personal data and covered under the General Data Protection Regulation (GDPR). Since I keep on hearing from people who should know better that it’s not, I have good reason to take up this subject again and get into more details.

This article is part of the series "Koadic Post-Exploitation Rootkit". Check out the rest: Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Part I Koadic: Pen Testing, Pivoting, & JavaScripting, Part II Koadic: Implants and Pen Testing Wisdom, Part III Koadic: Security Defense in the Age of LoL Malware, Part IV

Endpoints are a favorite target of attackers – they’re everywhere, prone to security vulnerabilities, and difficult to defend. 2017’s WannaCry attack, for example, is reported to have affected more than 230,000 endpoints across the globe.

The one-year anniversary of the implementation of the General Data Protection Regulation (GDPR) recently passed, a significant milestone in data privacy and user protection. The GDPR is a piece of EU legislation with the main purpose to protect users and their data. Lawmakers wanted to implement better controls over companies’ access to and right to store their users’ data.

Lately, we’ve been so focused on data governance, extracting the most value from our data and preventing the next big breach, many of us have overlooked IT governance fundamentals, which help us achieve great data governance.

This article is part of the series "Fileless Malware". Check out the rest: Adventures in Fileless Malware, Part I Adventures in Fileless Malware, Part II: Sneaky VBA Scripts Adventures in Fileless Malware, Part III: Obfuscated VBA Scripts for Fun and Profit Adventures in Fileless Malware, Part IV: DDE and Word Fields Adventures in Fileless Malware, Part V: More DDE and COM Scriplets Adventures in Fileless Malware: Closing Thoughts

Companies are under pressure to keep data safe, plus act both swiftly and transparently in the event of a data breach. Slow responses to breaches result in fines from (sometimes multiple) federal entities, loss of customer trust, time lost to the breach instead of business operations, and so much more. These breaches seem to become more public and far reaching as time goes on. One positive thing we can pull from this is the opportunity to learn and prepare our own companies for potential breaches.

An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, users, computers, and group policies.

This article is part of the series "GDPR American-Style". Check out the rest: Wyden’s Consumer Data Protection Act: Preview of US Privacy Law Wyden’s Consumer Data Protection Act: How to Be Compliant

I’ve already written about the fundamentals of security analytics. To review: it’s the process of aggregating, correlating, and applying other more advanced techniques to raw event data in order to produce an actionable security result. The ideas for my definition were borrowed heavily from Gartner’s wise security thinker, Anton Chuvakin, who has a wonderful presentation on this very subject.