Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

From PowerShell to p@W3RH311 - Detecting and Preventing PowerShell Attacks

In part one I provided a high level overview of PowerShell and the potential risk it poses to networks. Of course we can only mitigate some PowerShell attacks if we have a trace, so going forward I am assuming that you followed part 1 of this series and enabled: Module Logging, Script Block Logging, Security Process Tracking (4688/4689)

From PowerShell to P0W3rH3LL - Auditing PowerShell

Imagine someone getting the seemingly innocent ability to run a couple of commands on a machine on your network WITHOUT installing any new software, but those commands resulting in a reverse shell running on that same machine – giving the intruder a convenient outpost in your network. Now stretch your imagination even further and pretend that all of this happens without leaving any unusual traces in logs – leaving you completely in the dark.

Security 101: 7 Tips Every Young Startup Needs to Keep Itself Safe

There are many managerial and operational tasks required to successfully grow a startup business. One of the biggest mistakes startup businesses make is neglecting to safeguard their data from cyber threats. Some studies show that 200,000 new malware samples were discovered each day in 2016. Unfortunately, analysts expect this number to increase as more businesses use cloud storage and other internet services. Safeguarding your online information is paramount to setting up your business for success.

Adoption of the Public Cloud in the Financial Services Industry

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are genuine concerns about the cloud’s adoption in FSI, and cloud providers are also innovating to meet the challenges faced by FSI.

GDPR - Data Processing EU Data as a US Business

Due to the growing and ever-changing digital market, the EU took a major step to protect EU citizens’ personal data and privacy rights in today’s digital world. From proposal to adoption, the General Data Protection Regulation (GDPR) took over four years to become law regulating the data collection and security during processing and movement of personal data of EU citizens. The GDPR is applicable in all EU markets/countries, including by association, Norway, Switzerland, and the UK.

Mr. Robot, Mimikatz and Lateral Movement

In Mr. Robot‘s episode 9 of season 2 (13:53), Angela Moss needs to obtain the Windows domain password of her superior, Joseph Green, in order to download sensitive documents that would potentially incriminate EvilCorp. Since her attack requires physical access to his computer, she starts with a good old-fashioned social engineering attack to get the only currently present employee in the office to leave.

Securing Exchange Server OWA & ActiveSync - Proactive Security with EventSentry

With the proper auditing enabled (Logon/Logoff – Logon (Failure)) and EventSentry installed however, we can permanently block remote users / hosts who attempt to log on too many times with a wrong password. Setting this up is surprisingly simple.

Auditing DNS Server Changes on Windows 2008/2008R2/2012 with EventSentry

If you’re running Windows 2008 (R2) or 2012 then setting up DNS auditing requires a few steps. Thankfully it’s a one-time process and shouldn’t take more than a few minutes. On the EventSentry side a pre-built package with all the necessary rules is available for download and included with the latest installer.