During my time as a penetration tester, I’ve seen many IT teams storing server catalogs with respective IP addresses and passwords in a sharable Excel sheet. This is more so true in Windows Server infrastructure, as many organizations resort to password-based auth for local and remote access. Of course, security-conscious organizations would use a password vault. But in any case, password storage in any form is often an Achilles heel in infrastructure security.
We are excited to welcome Windows hosts to the Teleport Access Plane. For the past 5 years we’ve helped refine our Access Plane for Linux hosts, providing short-lived certificate-based access, RBAC and developer-friendly access to resources. As we’ve rolled Teleport to larger organizations, we found that people wanted the same convenience and security of Teleport but for Windows hosts.
This is the second in a two-part series discussing a still-unpatched userland Windows privilege escalation. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver. Part 1 of this blog series showed how to block these attacks via ACL hardening. If you haven’t already, please read the first part of this series, because it lays an important foundation for this article. Interested readers can also check out the excellent Unknown Known DLLs...
The majority (66%) of companies today have started some transition or co-management to the cloud. The goal is to digitally transform the enterprises of the companies. While the basic network concepts may be similar, the cloud is a different beast. It uses different protocols and management tools. There is also a host of new acronyms to learn.
AppLocker is an application control feature found in enterprise editions of Windows. The tool enables you to manage which applications and files users can run. Windows AppLocker aims to limit software access and related data from specific users and business groups. The result is heightened security, reduced administrative overhead, and fewer helpdesk calls.
The local Windows administrator account is a coveted target for hackers and malware. There are potentially a lot of bad things that can happen if a hacker can crack the local admin account of one of your servers. Dreadful things usually occur when someone downloads a malicious malware strain using the administrator account as well. The magnitude of these problems is amplified even more if you use the default administrator account and every similar machine uses the same password.
Got a Windows PC? You can now enjoy the modern design, improved productivity, and enhanced security & privacy of the all-new 1Password 8. 🥳