Featured Content
-
Dec 16, 2016
Pen Testing Active Directory Environments, Part III: Chasing Power Users
For those joining late, I’m currently pen testing the mythical Acme company, now made famous by a previous pen testing engagement (and immortalized in this free ebook). This time around...
Michael Buckbee
5 min read
-
Dec 08, 2016
New Mirai Attacks, But It’s Still About Passwords
Last week, Mirai-like wormware made the news again with attacks on ISPs in the UK. Specifically, customers of TalkTalk and PostOffice reported Internet outages. As with the last Mirai incident...
Michael Buckbee
3 min read
-
Nov 30, 2016
PowerView Pen Testing
Pen Testing Active Directory Environments, PowerView, and how to go on the offensive with AD, take a look at our guide!
Michael Buckbee
4 min read
-
Nov 29, 2016
Why UBA Will Catch the Zero-Day Ransomware Attacks (That Endpoint Protection Can’t)
Ransomware attacks have become a major security threat. It feels like each week a new variant is announced –Ransom32, 7ev3n. This malware may even be involved in the next big...
Kieran Laffan
2 min read
-
Nov 21, 2016
Understanding SQL Injection, Identification and Prevention
When you think of a website getting hacked, you might picture someone in a hoodie in a high tech bunker (or their mom’s basement), wailing on a keyboard, controlling thousands...
Michael Buckbee
12 min read
-
Nov 10, 2016
Pen Testing Active Directory Environments, Part I: Introduction to crackmapexec (and PowerView)
I was talking to a pen testing company recently at a data security conference to learn more about “day in the life” aspects of their trade. Their president told me...
Michael Buckbee
4 min read
-
Nov 01, 2016
Overheard: "IT security has nothing to learn from the Mirai attack”
After my post last week on the great Mirai Internet takedown of 2016, I received some email in response. One of the themes in the feedback was, roughly, that ‘Mirai...
Michael Buckbee
3 min read
-
Oct 27, 2016
The Mirai Botnet Attack and Revenge of the Internet of Things
Once upon a time in early 2016, we were talking with pen tester Ken Munro about the security of IoT gadgetry — everything from wireless doorbells to coffee makers and...
Michael Buckbee
5 min read
-
Oct 25, 2016
NTFS Permissions vs Share: Everything You Need to Know
NTFS permissions are used to manage access to the files and folders that are stored in NTFS file systems. When you are using share and NTFS (NT File System) permissions together, the most restrictive permission wins.
Michael Buckbee
3 min read
-
Oct 24, 2016
SQL Server Best Practices, Part II: Virtualized Environments
It is 2016 and some people still think SQL Server cannot be run on a virtual machine. SQL Server can successfully run in a VM but SQL is resource-intensive by...
Kieran Laffan
8 min read
-
Oct 20, 2016
What is Privileged Access Management (PAM)?
Privileged access management is the process to monitor and secure your most sensitive user accounts. Keep reading to find out how to use PAM to keep your data safe.
Michael Buckbee
5 min read
-
Oct 11, 2016
The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)
Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US...
Michael Buckbee
2 min read