Data Security
Penetration Testing Explained, Part V: Hash Dumping and Cracking
Dec 02, 2015
In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. But what happens if you can’t...
A Brief History of Ransomware
Nov 10, 2015
Ransomware’s Early Days: The first documented and purported example of ransomware was the 1989 AIDS Trojan, also known as PS Cyborg1. Harvard-trained evolutionary biologist Joseph L. Popp sent 20,000 infected...
Introducing Varonis UBA Threat Models
Nov 05, 2015
If you’re a regular reader of our blog, you know that we feel that the perimeter is dead, and that the battle against insider (and outsider) threats is won with...
Penetration Testing Explained, Part IV: Making the Lateral Move
Nov 03, 2015
You can think about the post-exploitation part of penetration testing as an army or rebel force living off the land. You’re scrounging around the victim’s website using what’s available —...
Our Version 1.0 List of Penetration Testing Resources
Oct 15, 2015
I barely scratched the surface of penetration testing in my own blogging, and I’ve already amassed a long list of resources. So rather than withhold any longer, I’ll spill the...
Interview with Pen Testing Expert Ed Skoudis
Oct 13, 2015
We’re very excited to present this Q&A with Ed Skoudis. Skoudis is a very large presence in the security world. Here’s just a snippet from his lengthy bio: founder of...
Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells
Oct 08, 2015
Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT. Don’t call security, I did this in a contained environment within virtual machines....
Penetration Testing Explained, Part II: RATs!
Sep 30, 2015
Remote Access Trojans or RATs are vintage backdoor malware. Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you...
Five Things You Need to Know About the Proposed EU General Data Protection Regulation
Sep 16, 2015
European regulators are serious about data protection reform. They’re inches away from finalizing the General Data Protection Regulation (GDPR), which is a rewrite of the existing rules of the road...
Windows 10 Authentication: The End of Pass the Hash?
Sep 01, 2015
It gets gnarly, but the LSASS address space is now really, really separated from other user processes so that apps like Mimikatz can’t peek into it.
Another Look at Folder Permissions: Beyond AGLP
Aug 18, 2015
AGLP is Microsoft’s four-letter abbreviation for guiding admins in setting permissions in an Active Directory environment. Account, Global, Local, Permission just means the following: you put user accounts (A) into...
Why Law Firms Should Care About Data Security
Aug 14, 2015
An alarming 70% of large firm attorneys do not know if their firm has been breached, according to a recent American Bar Association (ABA) survey conducted by the ABA’s Legal...