Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Data Security

WannaCry’s Accidental Hero

Quick update on the massive #WannaCry cyber attack. Before I begin, this is going to SOUND like good news, and it is, but please realize that the propagation of this malware can be restarted VERY easily, so please follow the instructions we laid out here to patch. Apparently there was a kill switch built into the malware. It attempts an HTTP GET on iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com. If the request succeeds, it stops propagating, as noted by Talos Intelligence: Earlier…
Data Security

🚨 Massive Ransomware Outbreak: What You Need To Know

Remember those NSA exploits that got leaked a few months back? A new variant of ransomware using those exploits is spreading quickly across the world – affecting everyone from the NHS to telecom companies to FedEx. Here’s What We Know So Far: Ransomware appears to be getting in via social engineering and phishing attacks, though vulnerable systems may also be at risk if TCP port 445 is accessible. Unlike most ransomware that encrypts any accessible file…
Data Security

Planet Ransomware

If you were expecting a quiet Friday in terms of cyberattacks, this ain’t it. There are reports of a massive ransomware attack affecting computers on a global scale: in the UK, Spain, Russia, Ukraine, Japan, and Taiwan. The ransomware variant that’s doing the damage is called WCry, also known as WannaCry or WanaCrypt0r. It has so far claimed some high-profile targets, including NHS hospitals in the UK, and telecom and banking companies in Spain. Be…
Compliance & Regulation

[Podcast] Mintz Levin’s Sue Foster on the GDPR, Part I

Sue Foster is a London-based partner at Mintz Levin. She has a gift for explaining the subtleties in the EU General Data Protection Regulation (GDPR). In this first part of our interview, Foster discusses how the GDPR’s new extraterritoriality rule would place US companies under the law’s data obligations. In the blog, we’ve written about some of the implications of the GDPR’s Article 3, which covers the law’s territorial scope. In short: if you market…
Data Security

Practical PowerShell for IT Security, Part IV: Security Scripting Platfor...

In the previous post in this series, I suggested that it may be possible to unify my separate scripts — one for event handling, the other for classification — into a single system. Dare I say it, a security platform based on pure PowerShell code? After I worked out a few details, mostly having to do with migraine-inducing PowerShell events, I was able to declare victory and register my patent for SSP, the Security Scripting…
Data Security

[Podcast] John P. Carlin, Part 1: Lessons Learned from the DOJ

Last week, John P. Carlin, former Assistant Attorney General for the U.S. Department of Justice’s (DOJ) National Security Division, spent an afternoon sharing lessons learned from the DOJ. And because the lessons have been so insightful, we’ll be rebroadcasting his talk as podcasts. In part one of our series, John weaves in lessons learned from Ardit Ferizi, Hacktivists/Wikileaks, Russia, and the Syrian Electronic Army. He reminds us that the current threat landscape is no doubt…
Data Security

[Podcast] Security Learn-It-Alls

Rather than referring to our weekly podcast panelists as security experts, we’re now introducing them as security practitioners. Why? A popular business article on mindset brought to our attention the perils of having self-proclaimed titles, such as experts and gurus. It signals our “thirst for knowledge in a particular subject has been quenched.” That is far from reality! Security is a constantly evolving field, with new threats and vulnerabilities. To have a fighting chance, it would…
Data Security, Varonis News

Introducing the Automation Engine, DatAlert Analytics Rewind, and more

Put Least Privilege on Autopilot: Getting to least privilege can be a nightmare. The first steps – tracking down inconsistent ACLs and remediating global access groups – can turn even the most basic file share clean-up project into a huge to-do. And so we’re thrilled to announce the upcoming availability of the Automation Engine, which will take the headache out of least privilege by discovering undetected security threats and fixing hidden vulnerabilities without all the manual…
Data Security

Verizon DBIR 2017: “Look Kids, There’s Big Ben!”

The Verizon 2017 Data Breach Investigations Report (DBIR) is out in all its pithy and witty glory, and yet given the actual content, Verizon missed an opportunity to quote Clark Griswold from his European Vacation: “Hey look kids, there’s Big Ben, and there’s Parliament… again.” The biggest takeaway from my review of the DBIR is that organizations are stuck on a great big roundabout passing the same risks and bad guys again and again. Financially- and…
Data Security

Let us Now Praise Varonis DatAnswers

It’s easy to forget a bygone era when digital knights ventured into the dark Internet forests to do battle with search engine dragons. They pulled answers out of the virtual claws and teeth of such search reptiles as Alta Vista, Ask Jeeves, Lycos, and Excite. It was a time of gallantry and legendary bravery. I myself remember suiting up in digital armor and wielding a corded mouse as I battled the last of the prehistoric search…
Data Security

[Podcast] Presenting Cybersecurity Ideas to the Board

There’s been a long-held stigma amongst our infosec cohort and it’s getting in the way of doing business. What’s the stigma, you ask? “Know-it-all” techies who are unable to communicate. Unfortunately, this shortcoming also puts our jobs at stake. According to a recent cybersecurity survey, the board of directors polled said that IT and security executives will lose their jobs because of their failure to provide the board with useful, actionable information. It gets…
Data Security

ITRC: 2017 Data Breaches on Record Pace

The Identity Theft Resource Center (ITRC) is this blog’s go-to source for current breach statistics. As of April 18, the ITRC breach count has reached 456 incidents. That puts us ahead of last year’s sizzling pace of 356 for the same period. If you do the math, then at this rate the number of breaches will reach 1500 by the end of 2017. And that’s way ahead of 2016’s record-setting count of 1093 breaches. What’s…