Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six-times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-ready, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Data Security

[Podcast] Varonis Director of Cyber Security Ofer Shezaf, Part II

A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. In this second part of the interview, we explore different ways to improve corporate data security, including security by design techniques at the development stage, deploying Windows 10s, and even labeling security products! Learn more from Ofer by clicking on the interview above.
Data Security, IT Pros

3 Tips to Monitor and Secure Exchange Online

Even if you don’t have your sights on the highest office in the country, keeping a tight leash on your emails is now more important than ever. Email is commonly targeted by hackers as a method of entry into organizations. No matter if your email is hosted by a 3rd party or managed internally, it is imperative to monitor and secure those systems. Microsoft Exchange Online – part of Microsoft’s Office365 cloud offering – is…
IT Pros

PowerShell Obfuscation: Stealth Through Confusion, Part I

To get into the spirit of this post, you should probably skim through the first few slides of this presentation by Daniel Bohannon and Le Holmes given at Black Hat 2017. Who would have thunk that making PowerShell commands look unreadable would require a triple-digit slide deck? We know PowerShell is the go to-tool for post-exploitation, allowing attackers to live off the land and prosper. Check out our pen testing Active Directory series for more…
IT Pros

[Podcast] Varonis Director of Cyber Security Ofer Shezaf, Part I

A self-described all-around security guy, Ofer Shezaf is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel’s Technion University. It’s always great to talk to Ofer on data security since his perspective is shaped by a 20-year career. He’s seen it all! In…
Data Security

More NSA Goodness: Shadow Brokers Release UNITEDRAKE

Looking for some good data security news after the devastating Equifax breach? You won’t find it in this post, although this proposed federal breach notification law could count as a teeny ray of light. Anyway, you may recall the Shadow Brokers, which is the group that hacked the NSA servers, and published a vulnerability in Windows that made WannaCry ransomware so deadly. Those very same Shadow Brokers have a new product announcement that also appears…
Data Security, Varonis News

DatAdvantage for Exchange Online Is Here

We’re thrilled to introduce complete monitoring for Exchange Online as part of our 6.4.50 beta, giving Varonis customers the same coverage we provide with the Exchange on-premise system – but now in the cloud. With DatAdvantage for Exchange Online, you’ll be able to manage access and monitor email events – and with DatAlert, you’ll get alerted when there’s unusual mailbox activity. We’ve also added new threat models for Exchange Online – including abnormal service behavior:…
Data Security

My Big Fat Data Breach Cost Post, Part I

Data breach costs are very expensive. No, wait they’re not. Over 60% of companies go bankrupt after a data breach! But probably not. What about reputational harm to a company? It could be over-hyped but after Equifax, it could also be significant. And aren’t credit card fraud costs for consumers a serious matter? Maybe not! Is this post starting to sound confusing? When I was tasked with looking into data breach costs, I was already familiar with the…
Compliance & Regulation, Privacy

The Equifax Breach and Protecting Your Online Data

As we all know by now, the Equifax breach exposed the credit reports of over a 140 million Americans. What are in these reports? They include the credit histories of consumers along with their social security numbers. That makes this breach particularly painful. The breach has also raised the profile of the somewhat mysterious big three national credit reporting agencies or NCRAs — Experian and TransUnion are the other two. Lenders use NCRAs to help…
Data Security, Privacy

[Podcast] Dr. Tyrone Grandison on Data, Privacy and Security

Dr. Tyrone Grandison has done it all. He is an author, professor, mentor, board member, and a former White House Presidential Innovation Fellow. He has held various positions in the C-Suite, including his most recent role as Chief Information Officer at the Institute of Health Metrics and Evaluation, an independent health research center that provides metrics on the world’s most important health problems. In our interview, Tyrone shares what it’s like to lead a team…
Data Security

[Podcast] When Hackers Behave Like Ghosts

We’re a month away from Halloween, but when a police detective aptly described a hotel hacker as a ghost, I thought it was a really clever analogy! It’s hard to recreate and retrace an attacker’s steps when there are no fingerprints or evidence of forced entry. Let’s start with your boarding pass. Before you toss it, make sure you shred it, especially the barcode. It can reveal your frequent flyer number, your name, and other…
Data Security
risk assessment video

Finding EU Personal Data With Regular Expressions (Regexes)

If there is one very important but under-appreciated point to make about complying with tough data security regulations such as the General Data Protection Regulation (GDPR), it’s the importance of finding and classifying the personally identifiable information, or personal data as it’s referred to in the EU. Discovering where personal data is located in file systems and the permissions used to protect it should be the first step in any action plan. You don’t have to…
Data Security

What You Can Learn About How to Secure an API from the FCC

Every day thousands of phishing emails are sent to unsuspecting people who are tricked into handing over their credentials for online services or directly bilked out of their money. Phishers go to great lengths to lean on the credibility of the organizations they’re impersonating. So what could be better than the ability to post a document onto an actual official website? Recently, it came to light that as part of the FCC’s public commenting system…