Feature update: Enumerating Windows users
Sensor 4.28.1 update enables you to enumerate users on MS Windows OS using a shorthand console command. General Links.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Windows
Network security LAN Manager Authentication Level
The LAN Manager (LM) is a group of early Microsoft client/server software products that enable users to connect personal computers on a single network. Its features include transparent file and printer sharing, user security features, and network administration tools. In Active Directory domains, the default authentication protocol is the Kerberos protocol. However, if Kerberos is not available for any reason, LM, NTLM, or NTLMv2 can be used as an alternative.
Introducing Windows Passwordless access for local user
Passwordless Windows Access for local users Get RBAC for Windows Server and Desktops without a reliance on Active Directory. Easily copy text between the clipboard on a client and a remote Windows machine and instantly share directories and files from your local client with no manual upload or download.
Using Windows Defender Credential Guard to Protect Privileged Credentials
The compromise of a single Active Directory credential can lead to unauthorized access to your servers, applications, virtualization platforms and user files across your enterprise. One of the reasons for credential vulnerability is that Windows stores credentials in the Local Security Authority (LSA), which is a process in memory.
Windows Security Event Log Best Practices
If your company is like many others, it probably invested heavily in the Microsoft ecosystem. Microsoft has been around since the 1980s, focusing primarily on business technologies. It has a reputation for compatibility which gives you more purchasing options across devices and accessories. Unfortunately, this reach across corporate IT environments means that malicious actors target everything associated with Microsoft.
From Registry With Love: Malware Registry Abuses
The Windows Registry is one of the most powerful Windows operating system features that can tweak or manipulate Windows policies and low-level configuration settings. Because of this capability, most malware or adversaries abuse this hierarchical database to perform malicious tasks on a victim host or environment. Over the last 2 years, the Splunk Threat Research Team has analyzed and reverse engineered some of the most prevalent and successful malware families.
MITRE ATT&CK and Windows registry key
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive knowledge base of tactics, techniques and procedures that adversaries use to conduct cyber-attacks. The MITRE ATT&CK framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Audit Policy: Object Access: SAM
Audit Policy: Object Access: SAM is a setting in the Windows operating system that controls the auditing of security events related to access to the Security Accounts Manager (SAM) database. The SAM database is used to store user account information, including login credentials, on a Windows system. When the setting is enabled, the system will generate an audit event in the security log of the event viewer every time an attempt is made to access the SAM database.
Audit Policy: Object Access: Certification Services
Audit Policy: Object Access: Certification Services” is a setting in the Windows operating system that controls whether or not the system generates audit events when a certificate is requested or used for authentication purposes.