Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

10 Methods for Identifying and Protecting Privileged AD Users

Compromising privileged accounts is the penultimate objective of most cyberattacks — once attackers gain privileged access, they can then accomplish their final goal, whether that’s to steal or encrypt information assets or disrupt business operations. Typically, cybercriminals gain a foothold in a network by compromising of a low-level account on a local machine.

International Data Privacy Laws: A Guide

The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, processed and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving personally identifiable information (PII).

How to Perform Windows Registry Repair: Registry Repair Windows 10

The Windows registry is a database that contains important information about your computer — users, preferences, applications, attached devices and much more. The Windows operating system constantly refers to the registry; for example, to open a program, install new software or change your hardware, Windows must check the values of certain registry keys.

Windows Remote WMI Security Primer for the Faint-Hearted

Local WMI querying is straightforward to implement and troubleshoot — but remote WMI querying is another story. Indeed, setting up secure remote WMI querying for a user with no admin rights is a daunting task. This blog can help. I’ll walk you through the steps I used to enable a standard domain user to query the Microsoft SQL Server WMI namespace class on a Windows Server 2012 R2 running Microsoft SQL Server 2016.

Common Hacker Tools that Complement Mimikatz

Mimikatz is a popular post-exploitation tool that hackers use for lateral movement and privilege escalation. While Mimikatz is quite powerful, it does have some important limitations: As a result, other toolkits have been created to complement Mimikatz. This article explains how three of them — Empire, DeathStar and CrackMapExec — make attacks easier for adversaries.

Active Directory Group Naming: Examples & Best Practices

Imagine being named XYZ in a crowd of other XYZs – a purposeless name that creates confusion and does not communicate a purpose, adding to the cognitive pile of everyone’s day-to-day tasks. Similarly, Active Directory groups created by users need to have logical names so that current and future users do not find themselves stuck in a pickle.

The Importance of Security Risk Assessments and How to Conduct Them

IT risk assessments are vital for cybersecurity and information security risk management in every organization today. By identifying threats to your IT systems, data and other resources and understanding their potential business impacts, you can prioritize your mitigation efforts to avoid costly business disruptions, data breaches, compliance penalties and other damage.

The Techniques that Attackers Use and Best Practices for Defending Your Organization

Even if you have implemented a Zero Trust security paradigm for network and infrastructure security, you need to plan for the inevitable — at some point, an attacker will get into your network with the intent to deploy ransomware or cause other damage A typical attack goes something like this: There is a misconception that lateral movement threats are limited to on-prem networks.

Why Is PowerShell So Popular for Attackers?

There is an old saying: “One person’s tool is another person’s weapon.” That is certainly true of Windows PowerShell. Included with every Windows operating system today, this powerful command-line shell and scripting language is used by IT professionals for system administration, remote management, cybersecurity, software development and more.

Honeypots and Their Role in Detecting Pass-the-Hash Attacks

Deception technology is a cybersecurity strategy that utilizes decoys to gather information about current threats and attack methodologies used by cybercriminals. The premise of this approach is to offer some sort of bait in your network, such as a fake database that looks like a legitimate one, that attackers will find too enticing to pass up.