Data Security

Penetration Testing Explained, Part V: Hash Dumping and Cracking

Michael Buckbee

Dec 02, 2015

In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. But what happens if you can’t...

A Brief History of Ransomware

Kieran Laffan

Nov 10, 2015

Ransomware’s Early Days The first documented and purported example of ransomware was the 1989 AIDS Trojan, also known as PS Cyborg1. Harvard-trained evolutionary biologist Joseph L. Popp sent 20,000 infected...

Introducing Varonis UBA Threat Models

Michael Buckbee

Nov 05, 2015

If you’re a regular reader of our blog, you know that we feel that the perimeter is dead, and that the battle against insider (and outsider) threats is won with...

Penetration Testing Explained, Part IV: Making the Lateral Move

Michael Buckbee

Nov 03, 2015

You can think about the post-exploitation part of penetration testing as an army or rebel force living off the land. You’re scrounging around the victim’s website using what’s available —...

Our Version 1.0 List of Penetration Testing Resources

Michael Buckbee

Oct 15, 2015

I barely scratched the surface of penetration testing in my own blogging, and I’ve already amassed a long list of resources. So rather than withhold any longer, I’ll spill the...

Interview with Pen Testing Expert Ed Skoudis

Michael Buckbee

Oct 13, 2015

We’re very excited to present this Q&A with Ed Skoudis. Skoudis is a very large presence in the security world. Here’s just a snippet from his lengthy bio: founder of...

Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells

Michael Buckbee

Oct 08, 2015

Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT. Don’t call security, I did this in a contained environment within virtual machines....

Penetration Testing Explained, Part II: RATs!

Michael Buckbee

Sep 30, 2015

Remote Access Trojans or RATs are vintage backdoor malware. Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you...

Five Things You Need to Know About the Proposed EU General Data Protection Regulation

Michael Buckbee

Sep 16, 2015

European regulators are serious about data protection reform. They’re inches away from finalizing the General Data Protection Regulation (GDPR), which is a rewrite of the existing rules of the road...

Windows 10 Authentication: The End of Pass the Hash?

Michael Buckbee

Sep 01, 2015

It gets gnarly, but the LSASS address space is now really, really separated from other user processes so that apps like Mimikatz can’t peek into it.

Another Look at Folder Permissions: Beyond AGLP

Ken Spinner

Aug 18, 2015

AGLP is Microsoft’s four-letter abbreviation for guiding admins in setting permissions in an Active Directory environment. Account, Global, Local, Permission just means the following: you put user accounts (A) into...

Why Law Firms Should Care About Data Security

Michael Buckbee

Aug 14, 2015

An alarming 70% of large firm attorneys do not know if their firm has been breached, according to a recent American Bar Association (ABA) survey conducted by the ABA’s Legal...