Data Security

Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells

Michael Buckbee

Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT. Don’t call security, I did this in a contained environment within virtual machines....

Penetration Testing Explained, Part II: RATs!

Michael Buckbee

Remote Access Trojans or RATs are vintage backdoor malware. Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you...

Five Things You Need to Know About the Proposed EU General Data Protection Regulation

Michael Buckbee

European regulators are serious about data protection reform. They’re inches away from finalizing the General Data Protection Regulation (GDPR), which is a rewrite of the existing rules of the road...

Windows 10 Authentication: The End of Pass the Hash?

Michael Buckbee

It gets gnarly, but the LSASS address space is now really, really separated from other user processes so that apps like Mimikatz can’t peek into it.

Another Look at Folder Permissions: Beyond AGLP

Ken Spinner

AGLP is Microsoft’s four-letter abbreviation for guiding admins in setting permissions in an Active Directory environment. Account, Global, Local, Permission just means the following: you put user accounts (A) into...

Why Law Firms Should Care About Data Security

Michael Buckbee

An alarming 70% of large firm attorneys do not know if their firm has been breached, according to a recent American Bar Association (ABA) survey conducted by the ABA’s Legal...

What is User Behavior Analytics?

Michael Buckbee

There’s nothing new in using analytics in data protection or breach prevention. Firewalls, for example, analyze packet contents and other metadata, such as IP addresses, to detect and block attackers...

How Varonis Helps with PCI DSS 3.1

Michael Buckbee

The Payment Card Industry Data Security Standard (PCI-DSS) 3.1 is a set of regulations that govern how organizations manage credit card and other cardholder data. Many security professionals advocate that...

How to Create a Good Security Policy

Michael Buckbee

CIOs have taken note of the nightmarish scenarios data breaches can bring – remember Sony and Target? To combat this ticking time bomb, they’ve beefed up their security budgets. The Computer...

SSL and TLS 1.0 No Longer Acceptable for PCI Compliance

Michael Buckbee

The PCI Council released version 3.1 of their Data Security Standard (DSS), stating that SSL and TLS 1.0 can no longer be used after June 30, 2016.

Seven Free Data Wrangling Tools

Michael Buckbee

Reformatting, de-duping, merging, and filtering are just some of the functions that go under the broad category of data wrangling. It’s all the scrubbing and cleaning that data scientists apply...

Privacy by Design Cheat Sheet

Michael Buckbee

Privacy by Design (PbD) has been coming up more and more in data security discussions. Alexandra Ross, the Privacy Guru, often brings it up in her consultations with her high...
