Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Data Security

I’m Sean Campbell, Systems Engineer at Varonis, and This is How I Work

In April of 2013, after a short stint as a professional baseball player, Sean Campbell started working at Varonis as a Corporate Systems Engineer. Currently a Systems Engineer for New York and New Jersey, he is responsible for uncovering and understanding the business requirements of both prospective and existing customers across a wide range of verticals. This involves many introductory presentations, proof of concept installations, integration expansion discussions, and even the technical development of Varonis…
Data Security

Understanding Malware-Free Hacking, Part I

When I first started looking into the topic of hackers living off the land by using available tools and software on the victim’s computer, little did I suspect that it would become a major attack trend. It’s now the subject of scary tech headlines, and security pros are saying it’s on the rise. It seems like a good time for a multi-part IOS blog series on this subject. Known also as file-less or zero-footprint attacks, malware-free…
Data Security

How to use PowerShell Objects and Data Piping

This article is a text version of a lesson from our PowerShell and Active Directory Essentials video course (use code ‘blog’ for free access). The course has proven to be really popular as it walks you through creating a full Active Directory management utility from first principles. What makes a PowerShell Object? If there’s one fundamental difference between PowerShell and other scripting languages that have come before, it’s PowerShell’s default use of Objects…
Data Security

Our Most Underappreciated Blog Posts of 2017

Another year, another 1293 data breaches involving over 174 million records. According to our friends at the Identity Theft Resource Center, 2017 has made history by breaking 2016’s record-breaking 1091 breaches. Obviously it’s been a year that many who directly defend corporate and government systems will want to forget. Before we completely wipe 2017 from our memory banks, I decided to take one last look at the previous 12 months’ worth of IOS posts. While…
Data Security

How To Get Started with PowerShell and Active Directory Scripting

Build a Full PowerShell Utility This article is a text version of a lesson from our PowerShell and Active Directory Essentials video course (use code ‘blog’ for free access). The course has proven to be really popular as it walks you through creating a full Active Directory management utility from first principles. Coding With PowerShell It can be hard to get started with PowerShell, especially if over the years you’ve become accustomed to working with…
Data Security, Privacy

The Difference Between Data Security and Privacy

Repeat after me, data security is not privacy. Privacy is also not data security. These two terms are often used interchangeably, but there are distinct differences as well as similarities. Yes, data security and privacy have a common goal to protect sensitive data. But they have very different approaches for achieving the same effect. Data security focuses on protecting the data from theft and breaches. Whereas privacy governs how data is being collected, shared and…
Data Security

[Podcast] Who is in Control? The Data or Humans?

Self-quantified trackers made possible what was once nearly unthinkable: for individuals to gather data on one’s activity level in order to manage and improve one’s performance. Some have remarked that self-quantified devices can hinge on the edge of over management. As we wait for more research reports on the right dose of self-management, we’ll have to define for ourselves what the right amount of self-quantifying is. Meanwhile, it seems that businesses are also struggling with…
Data Security

Our 2018 Cybersecurity Predictions

Looking back, 2017 had all the twists and turns of a good disaster movie. Hackers steal and leak the NSA’s powerful exploit kit that’s then unleashed on the world through a Dr. Evilish ransomware-worm hybrid.  Later, a top U.S. credit reporting agency discloses a breach involving the social security numbers of 143 million Americans. Meanwhile, a $1.8 billion legal battle is being waged between two tech giants over stolen software for self-driving cars. In the…
Data Security

Most Popular Infosec Quotes of the Year

In 2017, we’ve interviewed many privacy experts, chief data officers, security pros and learned so much about the real world. Because we’ve covered so much, I’ve curated the most popular infosec quotes so that we can revisit their sage advice and strategies. Let the ideas simmer so that we can enter 2018 with a stronger vision and execute our ideas smoothly. Enjoy! 1. Yes to diversity and skill set Hire for diversity or for skill…
IT Pros

DNSMessenger: 2017’s Most Beloved Remote Access Trojan (RAT)

I’ve written a lot about Remote Access Trojans (RATs) over the last few years. So I didn’t think there was that much innovation in this classic hacker software utility. RATs, of course, allow hackers to get shell access and issue commands to search for content and then stealthily copy files. However, I somehow missed DNSMessenger, a new RAT variant that was discovered earlier this year. The malware runs when the victim clicks on a Word doc…
Data Security

Automating Permissions Cleanup: An In-Depth ROI Analysis

Implementing a least privilege model can be time-consuming and expensive, but important in any data security strategy. The Varonis Automation Engine helps you automate the process, and drastically reduces the time required to get there. Previously, we discussed automating data access requests to achieve incredible ROI by cutting down on help desk tickets. We also briefly mentioned the enormous amount of work involved in finding and fixing global access–a task which can drastically reduce the risk…
Data Security

Data Security 2017: We’re All Hacked

Remember more innocent times back in early 2017? Before Petya, WannaCry, leaked NSA vulnerabilities, Equifax, and Uber, the state of data security was anything but rosy, but I suppose there were more than a few of us left — consumers and companies — who could say that security incidents did not have a direct impact. That has changed after Equifax’s massive breach affecting 145 million American adults — I was a victim — and then…