-
Jan 04, 2016
Data Security’s Tower of Jenga
Over the holiday break, I had a chance to see “The Big Short”, the movie based on Michael Lewis’s book about the housing bubble. Or more accurately, about how a...
Michael Buckbee
3 min read
-
Dec 04, 2015
Design Thinking for your Data Strategy
A fact of life for many Chief Data Officers (CDOs) is that once you’ve achieved certain milestones in your data strategy, your focus will inevitably shift to a new milestone...
Michael Buckbee
2 min read
-
Dec 02, 2015
Penetration Testing Explained, Part V: Hash Dumping and Cracking
In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. But what happens if you can’t...
Michael Buckbee
3 min read
-
Nov 10, 2015
A Brief History of Ransomware
Ransomware’s Early Days The first documented and purported example of ransomware was the 1989 AIDS Trojan, also known as PS Cyborg1. Harvard-trained evolutionary biologist Joseph L. Popp sent 20,000 infected...
Kieran Laffan
5 min read
-
Nov 05, 2015
Introducing Varonis UBA Threat Models
If you’re a regular reader of our blog, you know that we feel that the perimeter is dead, and that the battle against insider (and outsider) threats is won with...
Michael Buckbee
2 min read
-
Nov 03, 2015
Penetration Testing Explained, Part IV: Making the Lateral Move
You can think about the post-exploitation part of penetration testing as an army or rebel force living off the land. You’re scrounging around the victim’s website using what’s available —...
Michael Buckbee
5 min read
-
Oct 15, 2015
Our Version 1.0 List of Penetration Testing Resources
I barely scratched the surface of penetration testing in my own blogging, and I’ve already amassed a long list of resources. So rather than withhold any longer, I’ll spill the...
Michael Buckbee
3 min read
-
Oct 13, 2015
Interview with Pen Testing Expert Ed Skoudis
We’re very excited to present this Q&A with Ed Skoudis. Skoudis is a very large presence in the security world. Here’s just a snippet from his lengthy bio: founder of...
Michael Buckbee
4 min read
-
Oct 08, 2015
Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells
Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT. Don’t call security, I did this in a contained environment within virtual machines....
Michael Buckbee
4 min read
-
Sep 30, 2015
Penetration Testing Explained, Part II: RATs!
Remote Access Trojans or RATs are vintage backdoor malware. Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you...
Michael Buckbee
3 min read
-
Sep 16, 2015
Five Things You Need to Know About the Proposed EU General Data Protection Regulation
European regulators are serious about data protection reform. They’re inches away from finalizing the General Data Protection Regulation (GDPR), which is a rewrite of the existing rules of the road...
Michael Buckbee
3 min read
-
Sep 01, 2015
Windows 10 Authentication: The End of Pass the Hash?
It gets gnarly, but the LSASS address space is now really, really separated from other user processes so that apps like Mimikatz can’t peek into it.
Michael Buckbee
3 min read