Penetration Testing Explained, Part V: Hash Dumping and Cracking

vault

In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. But what happens if you can’t guess the password? In my pen testing scenario, there’s a beer motif in all the naming of the servers and the local admin passwords. It’s […]

Continue Reading →

Today I Learned: Man in the Middle Executables for Fun and Strictly Not for Profit

TIL

Each week, we’ll bring you the latest news on exploits, protecting your perimeter and keeping your data secure. Informative. Entertaining. Best of all, each post is like an energy bar for IT! It’ll take you less than 2 minutes to read. Enjoy! The fine folks at peinjector.eu want to be really upfront with you about how […]

Continue Reading →

The Difference between UBA and UEBA

In October, Gartner released a new market guide for User and Entity Behavior Analytics (UEBA). I, like many others, wondered why there’s suddenly an “E” in UEBA. Last year’s market guide was simply User Behavior Analytics (UBA). To understand this additional letter, it might be worthwhile to review the market definition of UBA. UBA’s primary […]

Continue Reading →

Today I Learned: Fundamentally Rooted

person-woman-eyes-face

Each week, we’ll bring you the latest news on exploits, protecting your perimeter and keeping your data secure. Informative. Entertaining. Best of all, each post is like an energy bar for IT! It’ll take you less than 2 minutes to read. Enjoy! If you’re an Alan Moore fan, then you’re familiar with the phrase “Who watches […]

Continue Reading →

Study Shows Mobile Apps Scoop Up PII and Other Data

bench-people-smartphone-sun-large

While finishing up a project related to the EU’s new data security law, I’m reminded again how advanced even some of their existing laws are as they relate to consent. In EU land, you’re supposed to explicitly get a consumer’s approval before accessing and processing their personal data. But here in the US, it’s more […]

Continue Reading →

Anatomy of a breach: Sony

anatomy

Our new UBA Threat Models are built on a kill chain, in order to protect your data throughout the entire life cycle of a data breach. But what does that mean, exactly?   Let’s take a look at the anatomy of a breach. How did the Sony breach happen? We know a few things for certain: […]

Continue Reading →

Best Ransomware Videos You Should Watch

night-television-tv-theme-machines

I love to read. But sometimes, I just want a teacher to guide me through new subjects. Take ransomware. I mean, is it as bad as everyone says? And I’m a little ashamed to admit, but what does bitcoin have to do with it? I needed to find top ransomware teachers stat! I’m happy to […]

Continue Reading →

Simple Task-Based PowerShell Examples

task-based

After the novelty of learning something new wears off – unless you can connect the subject to your work – it’s often hard to want to continue practicing. However, an idea, methodology, and/or process might be just the motivation you need. Because sometimes you just don’t know, what you don’t know. Ya’ know? So, let […]

Continue Reading →

HIPAA Breaches 2015 [VISUALIZATION]

photo-bubble

Here are a few reliable signs the end of the year is fast approaching: the leaves are falling, holiday decorations are emerging, and tech bloggers are gazing into their lattes trying to decide what data security news 2016 will bring. My inbox is already starting to fill up with all the usual players wanting to […]

Continue Reading →

DatAnywhere 2.8

boats

We’re excited to announce the beta release of DatAnywhere 2.8, with version control and mapped drive features that enhance collaboration and development, tracking, sharing, and file management. DatAnywhere Version Control DatAnywhere now supports file version control. This includes creating new versions of files when they are modified or uploaded by DatAnywhere users: previous file versions can […]

Continue Reading →