Data Security

Penetration Testing Explained, Part VII: Exfiltration and Conclusions

Michael Buckbee

In this series of posts, I covered ideas to get you started using basic testing software to find security vulnerabilities. There are more advanced tools, such as Metasploit, which lets...

Entrepreneurial RATs: AlienSpy and TaaS (Trojans as a Service)

Michael Buckbee

When I wrote about Remote Access Trojans (RATs), I thought they were like the mousetraps of the hacking world — it’s hard to improve on. RATs let hackers get a...

Lessons from the Malware Museum

Michael Buckbee

If you haven’t already seen Mikko Hypponen’s collection of vintage malware at the Internet Archive, take the time for a brief tour. If you’re on a lunch hour, it’s also...

New Updates to the CIS Critical Security Controls

Michael Buckbee

If you haven’t already heard, the Top 20 Critical Security Controls has a new name. Last year, after the Center for Internet Security (CIS) integrated with the Council on Cybersecurity, the...

Social Engineering Remains a Top Cybersecurity Concern

Michael Buckbee

In 2016, the top cyberthreat for IT pros, at least according to ISACA’s Cybersecurity Snapshot, is social engineering. It has always been a classic exploit amongst the hackerati. But in...

Current Privacy Risks in Genetic Testing

Michael Buckbee

The idea of taking a direct-to-consumer (DTC) genetic test is intriguing. What was once considered an expensive test that could only be performed in a medical environment can now be purchased...

Varonis Seven Part Guide to Penetration Testing

Michael Buckbee

Our sprawling pen-testing series has taken on a life of its own! For your convenience and blog reading pleasure, we’ve assembled all the links to this six seven part series below....

Penetration Testing Explained, Part VI: Passing the Hash

Michael Buckbee

We’re now at a point in this series where we’ve exhausted all our standard tricks to steal credentials — guessing passwords, or brute force attacks on the hash itself. What’s...

Varonis and the Building Security in Maturity Model (BSIMM)

Michael Buckbee

With major security threats and vulnerabilities making headlines daily, it’s good to hear there’s now a way for organizations to share experiences and strategically work together. Through the Building Security...

Data Security’s Tower of Jenga

Michael Buckbee

Over the holiday break, I had a chance to see “The Big Short”, the movie based on Michael Lewis’s book about the housing bubble. Or more accurately, about how a...

Design Thinking for your Data Strategy

Michael Buckbee

A fact of life for many Chief Data Officers (CDOs) is that once you’ve achieved certain milestones in your data strategy, your focus will inevitably shift to a new milestone...

Penetration Testing Explained, Part V: Hash Dumping and Cracking

Michael Buckbee

In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. But what happens if you can’t...
