Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Netwrix

Detecting Advanced Process Tampering Tactics with Sysmon v13

Sysmon is a component of Microsoft’s Sysinternals Suite, a comprehensive set of tools for monitoring, managing and troubleshooting Windows operating systems. Version 13 of Sysmon introduced monitoring for two advanced malware tactics: process hollowing and herpaderping. This article explains what these tactics are, why they are so dangerous and how you can now detect them using Sysmon.

Using the Set-ADUser Cmdlet to Modify Properties of Active Directory Users

Administrators have several options for managing the properties of Active Directory users. The Active Directory Users and Computers (ADUC) console is convenient for making a few basic changes, such as modifying a user’s description or office location. For more functionality, however, consider using PowerShell. This article illustrates how you can address many common use cases with the PowerShell cmdlet Set-ADUser.

Get-ChildItem PowerShell Ultimate Guide

The PowerShell cmdlet Get-ChildItem obtains objects from one or more specified locations, such as a file system directory, registry hive or certificate store. These locations are exposed by PowerShell providers. If the location is a container, the cmdlet gets the child items in that container. The -Recurse parameter can be used to get items from all child containers, while the -Depth parameter can be used to limit how many levels to recurse to.

How Adversaries Achieve Persistence using AdminSDHolder and SDProp

Once an adversary has compromised privileged credentials, for example, by exploiting an attack path, they want to make sure they don’t lose their foothold in the domain. That is, even if the accounts they have compromised are disabled or have their passwords reset, they want to be able to easily regain Domain Admin rights. One way to achieve this persistence is to exploit features of Active Directory that are intended to keep privileged accounts protected: AdminSDHolder and SDProp.

Modify Mailbox Settings Via the Set-Mailbox Cmdlet

The Exchange Administration Center (EAC) is an easy-to-use interface for managing Exchange. However, it enable you to change only a handful of mailbox settings, and you can modify only one mailbox at a time. For more comprehensive management, you turn to Microsoft PowerShell (or, to be exact, Exchange Management Shell).

How to Contain a Privileged Access Breach Quickly and Effectively

If an adversary manages to gain control of a privileged account in your network, you may face serious consequences, including costly data loss, prolonged downtime, customer churn, and legal and compliance penalties. This blog explains how to build an effective incident response plan that can help you minimize the damage from a breach.

Zero Trust: The Case for Just-in-Time Access

Traditional IT security models focused on one thing: keeping the bad guys out the network. Anyone inside the network was physically in the corporate office and logged on to a machine set up and managed by the IT team, so they were trusted implicitly. That model no longer works. Today’s world of cloud resources, remote workers and user-owned devices has blurred if not entirely erased the notion of a network perimeter that could be defended.

Distribution Group Management via Set-DistributionGroup

A distribution group is a mail-enabled Active Directory group used to send a message to a group of recipients who are members of that group. Administrators can manage some of the properties and permissions of distribution groups using the Exchange Administration Center (formerly Exchange Management Console). However, this article explains how to perform many common distribution group management tasks using the Exchange Management Shell cmdlets Set-DistributionGroup and Add-DistributionGroupMember.

How to Install And Use Active Directory Administrative Center (ADUC)

Active Directory Administrative Center (ADAC) is a Microsoft tool that admins can use to manage objects in Active Directory. ADAC is available in Windows Server 2008 R2 and higher. ADAC is a graphical interface on top of Windows PowerShell. This means that every time an action is carried out through ADAC, Windows PowerShell cmdlets are executed in the background.

An Introduction to Browser Cookies

Back in the early 1990s, website managers decided they needed a way to remember data about users, and the cookie was born. Browser cookies, also known as http cookies, are small text files that are deposited on your computer while you are visiting a website. Depending on your internet activity, you could have dozens or even hundreds of them stored on your computer. These computer cookies have been a center of controversy since their introduction.