At the beginning of June 2024, Bitsight TRACE started analyzing a new CISA KEV vulnerability that had just come out, with the goal of creating a detection capability that could be implemented on an Internet-wide scale.

Windows PowerShell and command prompt (CMD) are both essential command-line interface tools for Windows administrators, allowing them to execute commands, manage system processes and automate administrative tasks. While CMD has been a foundational component of Windows since the MS-DOS era, PowerShell has emerged as a more advanced and powerful scripting language, enhancing system management and automation capabilities.

A newly discovered zero-day vulnerability in Windows potentially exposes users across multiple Windows versions to credential theft. Discovered by 0patch researchers, this critical security flaw allows attackers to steal NTLM credentials through a deceptively simple method. The vulnerability affects a wide range of Windows systems, including: Technical details of the vulnerability are withheld to minimize exploitation risk until Microsoft issues a fix to minimize any further risk of exploitation.

Usually, the secure boot option is turned on by default with your Windows server PC, but there are some cases when it is already disabled. To confirm and to disable secure boot you need to open device settings from Windows Security Center and see that if the option exists. If you see this Secure Boot option there, it means that secure boot is enabled on your device otherwise disabled. Now we will talk about a step by step guide on how to disable secure boot: 2.

In Windows system administration, one of the more advanced yet important tasks that can be accomplished using PowerShell is deleting registry keys and values. This operation requires careful handling to avoid unintended consequences. Registry keys and values in Windows are critical components that store configuration settings for the operating system and installed applications. Modifying the registry can lead to system instability or even failure if not done correctly.

Your network is comprised of devices and users, and both require proper management. For a user to access a device and its hosted assets, that user requires a user account that has access to the computer. The allocation and management of these accounts are important for multiple reasons including security, personalization and accountability.

NTLM has three versions - NTLMv1, NTLMv2 and NTLMv2 Session Security. NTLMv2 is supposed to offer better security than its previous version, and to some extent it does provides better defense against relay and brute force attacks, but does not completely block them. NTLMv2 Session Security is a session security protocol that can be used in conjunction with NTLMv1 or NTLMv2 to provide additional security.

The Sysdig Windows agent is a game-changer for cloud infrastructure, particularly when it comes to securing Windows containers in Kubernetes environments. While many endpoint protection agents are designed to provide security for traditional Windows hosts, Sysdig goes a step further by incorporating Kubernetes-specific context into its system introspection.

This article explains how, with 1Password’s Device Trust solution, you can use osquery’s file monitoring capabilities to oversee your Windows fleet.