Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities in Active Directory while being forced to click six times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

IT Pros

The Difference between Windows Server Active Directory and Azure AD

Once upon a time, IT pros believed that the risks of a data breach and compromised credentials were high enough to delay putting data on the cloud. After all, no organization wants to be a trending headline, announcing yet another data breach to the world. But over time with improved security, wider adoption and greater confidence, tech anxiety subsides and running cloud-based applications such as Microsoft’s subscription-based service Office 365 feels like a natural next…
Data Security

The Security Threats are Coming From Inside the House!

Think of any of the big data breaches: Equifax, Target, NSA, Wikileaks, Yahoo, Sony. They all have one thing in common: the data breaches were an inside job. That’s not to say that all the hackers were employees or contractors, but once the hackers get inside the perimeter security, is there any difference? Their activities all look the same to an outside observer. We write about this phenomenon so often. Once a hacker gets access…
Compliance & Regulation

The Right to Be Forgotten and AI

One (of the many) confusing aspects of the EU General Data Protection Regulation (GDPR) is its “right to be forgotten”. It’s related to the right to erasure but takes in far more ground. The right to have your personal data deleted means that data held by the data controller must be removed on request by the consumer. The right to be forgotten refers more specifically to personal data the controller has made public on the Intertoobz. Simple,…
Data Security

Krack Attack: What You Need to Know

For the last decade, philosophers have been in agreement that there is another, deeper level within Maslow’s Hierarchy of Human Needs: WiFi Access. We’re now at the point where even the most mundane devices in your house are likely to be WiFi enabled. Today we learned that every single one of those devices, every single smartphone, wireless access point, and WiFi-enabled laptop, is vulnerable due to a fundamental flaw with WPA2 (Wireless Protected Access v2). It turns out…
Data Security

[Podcast] The Anatomy of a Cybercriminal Startup

Outlined in the National Cyber Security Centre’s “Cyber crime: understanding the online business model,” the structure of a cybercrime organization is in many ways a lot like a regular tech startup. There’s a CEO, developer, and if there are enough funds, an IT department. However, one role outlined in an infographic on page nine of the report was a surprise, as it does not exist in legitimate businesses. This role is known as a “money…
Compliance & Regulation

New York State Cyber Regulations Get Real

We wrote about NY’s innovative cyber regulations earlier this year. For those who don’t remember, the NY State Department of Financial Services (NYSDFS) launched GDPR-like cyber security regulations for its massive financial industry, including requirements for 72-hour breach reporting, limited data retention, and designation of a chief information security officer. As legal experts have noted, New York leads the rest of the states in its tough data security rules for banks, insurance, and investment companies. And…
Data Security

My Big Fat Data Breach Cost Post, Part II

If I had to summarize the first post in this series in one sentence, it’s this: as a single number, the average is not the best way to understand a dataset. Breach cost averages are no exception! And when that dataset is skewed or “heavy tailed”, the average is even less meaningful. With this background, it’s easier to understand what’s going on with the breach cost controversy as it’s being played out in the business…
Data Security

[Podcast] How Weightless Data Impacts Data Security

By now, we’re all aware that many of the platforms and services we use collect and store information about our data usage. After all, they want to provide us with the most personalized experience. So when I read that an EU Tinder user requested information about her data and was sent 800 pages, I was very intrigued by the comment from Luke Stark, a digital technology sociologist at Dartmouth University: “Apps such as Tinder are taking…
Varonis News
Nasuni Cloud NAS

Varonis Brings Data Security to Nasuni

We’re excited to announce that, in an upcoming release, the Varonis Data Security Platform will bring data-centric audit and protection to Nasuni Enterprise File Services. Nasuni is a key Varonis partner in the growing market for hybrid cloud Network Attached Storage (NAS). If Nasuni is a critical part of your IT infrastructure, adding Varonis will enable you to: discover and classify sensitive, regulated files; detect and alert on suspicious activity like ransomware and insider threats…
IT Pros

[Transcript] Ofer Shezaf and Keeping Ahead of the Hackers

Inside Out Security: Today I’m with Ofer Shezaf, who is Varonis’s Cyber Security Director. What does that title mean? Essentially, Ofer’s here to make sure that our products help customers get the best security possible for their systems. Ofer has had a long career in data security and I might add is a graduate of Israel’s amazing Technion University. Welcome, Ofer. Ofer Shezaf: Thank you. IOS: So I’d like to start off by asking you…
Varonis News

Catching Up With Varonis Tech Evangelist Brian Vecci

Who was that incredibly knowledgeable security pro on CNBC talking about the Equifax breach? That familiar face and voice belong to none other than our own Brian Vecci. If you’ve been following Varonis on Twitter or LinkedIn, you’re likely aware that Brian has been on CNBC before. And he’s made a lot of other media appearances. So we asked our amazing research staff to track down Brian’s recent interview activity; not surprisingly, he’s been…
Data Security

[Podcast] Penetration Testers Sanjiv Kawa and Tom Porter

While some regard Infosec as compliance rather than security, veteran pentesters Sanjiv Kawa and Tom Porter believe otherwise. They have deep expertise in working with large enterprise networks, exploit development, and defensive analytics, and I was lucky enough to speak with them about the fascinating world of pentesting. In our podcast interview, we learned what a pentesting engagement entails, how to assign budget to risk, the importance of asset identification, and so much more. Regular speakers at Security BSides,…