Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six-times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-ready, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Data Security, IT Pros

Disabling PowerShell and Other Malware Nuisances, Part I

Back in more innocent times, circa 2015, we began to hear about hackers going malware-free and “living off the land.” They used whatever garden-variety IT tools were lying around on the target site. It’s the ideal way to do post-exploitation without tripping any alarms. This approach has taken off and gone mainstream, primarily because of off-the-shelf post-exploitation environments like PowerShell Empire. I’ve already written about how PowerShell, when supplemented with PowerView, becomes a potent purveyor…
Data Security

One Year Out: 75% of Organizations Will Struggle to Meet EU GDPR Regulation...

Today, we have released the findings from an independent survey probing attitudes towards the EU General Data Protection Regulations (EU GDPR), due to come into effect one year from today.  The survey, which polled 500 IT decision makers in the UK, Germany, France and the U.S., reveals that 75% of organizations indicate they will struggle to be ready for the deadline.  An additional 42% say that it’s not a priority for their businesses, despite the threat…
Data Security

Lessons from WannaCry: Varonis on CNBC’s Nightly Business Report

Last night, Varonis’ Brian Vecci, Technical Evangelist, sat down with Andrea Day of CNBC’s Nightly Business Report to discuss the recent WannaCry outbreak, where it goes from here and lessons to be learned. You can watch the full clip here. “We’re playing catch up because of how much data and how much complexity and how blind we’ve been to these kinds of attacks.” What’s the latest on the attack: We know how to prevent WannaCry…
Data Security

[Podcast] Our Post WannaCry World

After WannaCry, US lawmakers introduced the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act. If the bill gets passed, it would create a Vulnerabilities Equities Process Review Board where they would decide if a vulnerability, known by the government, would be disclosed to a non-government entity. It won’t be an easy law to iron out as they’ll need to find the right balance between vulnerability disclosure and national security. Meanwhile Shadow Brokers, the…
Data Security

Is a ransomware attack a data breach?

Ransomware is a loss of control Most IT people equate exfiltration of data from their network as the point at which control is lost and a data breach has occurred. They think of it like “where are the bits” and if your user database is being passed around the internet via bittorrent and sold off for a .0001 BTC an account you clearly have lost control. What’s not so obvious is that ransomware (or any…
Data Security

EternalRocks leaves backdoor trojan for remote access to infected machines

What we know so far The WannaCry ransomware worm outbreak from last Friday week used just one of the leaked NSA exploit tools, ETERNALBLUE, which exploits vulnerabilities in the SMBv1 file sharing protocol. On Wednesday security researcher Miroslav Stampar, member of the Croatian Government CERT, who created infamous sqlmap (SQL injection pentesting tool), detected a new self-replicating worm which also spreads via several SMB vulnerabilities. This worm, dubbed EternalRocks uses seven leaked NSA hacking tools…
Data Security

Discover Sensitive Data with a Data Risk Assessment

In our recent 2017 Data Risk Report, we discovered that 47% of organizations had at least 1,000 sensitive files open to every employee. Our latest video shows what a data risk assessment is, why it matters, and how it works.  Check out a sample data risk assessment for a sneak peak of what you might find. A Varonis Data Risk Assessment doesn’t take long – a 90-minute software install lets you map access to your data…
Compliance & Regulation

[Podcast] Mintz Levin’s Sue Foster on the GDPR, Part II

In this second part of our interview with attorney and GDPR pro Sue Foster, we get into a cyber topic that’s been on everyone’s mind lately: ransomware. A ransomware attack on EU personal data is unquestionably a breach —  “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access  …” But would it be reportable under the GDPR, which goes into effect next year? In other words, would an EU company (or US one…
Data Security
Image: Canadian Institute of Mining, CC-BY

Adylkuzz: How WannaCry Ransomware Attack Alerted The World To Even Worse Th...

Your garden variety ransomware, like Cerber, is the canary in the coal mine that rudely, but thankfully announces bigger security issues: insider threats and cyberattacks that take advantage of too much employee access to files. As disruptive as WannaCry has been to vulnerable organizations, this is their canary in the coal mine moment that should alert them to more deadly attacks that don’t announce their presence, like the cryptocurrency miner Adylkuzz. Researchers at Proofpoint have…
Data Security

[Podcast] Pick Up Music, Pick Up Technology

Last week, when the world experienced the largest ransomware outbreak in history, it also reminded me of our cybersecurity workforce shortage. When events like WannaCry happen, we can never have too many security heroes! There was an idea floating around that suggested individuals with a music background might have a promising future in security. The thinking is: if you can pick up music, you can also pick up technology. The Inside Out Security panelists –…
Data Security

How to use PowerShell for WannaCry / WannaCrypt cleanup and prevention

Explosive ransomware infection rates of WannaCrypt/WannaCry have IT groups trying to mass diagnose, update and protect their machines. Thing is, that’s just not practical to do manually – for pretty much any but the smallest of organizations. While there are a number of different PowerShell scripts that have been open sourced in the last three days to automate this (we link to the best one below), it’s quite likely that they won’t necessarily cover exactly…
Data Security

Why did last Friday’s ransomware infection spread globally so fast?

Quick ransomware background Ransomware is a type of malware that encrypts your data and asks for you to pay a ransom to restore access to your files. Cyber criminals usually request that the ransom be paid in Bitcoins: the #1 cryptocurrency (basically a distributed ledger) which can be used to buy and sell goods. By nature, Bitcoin transactions (e.g. ransom payments) are very difficult to trace. Historically, most ransomware infections use the attack vector –…