Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six-times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Data Security, Varonis News

Introducing a new security dashboard, enhanced behavioral analysis, and mor...

Every day we hear new stories about how our customers are using DatAlert to stop cyberattacks: detecting and disabling ransomware infections, discovering misconfigurations and vulnerabilities, and setting up automatic responses to malware infections. And so, we’ve updated DatAlert to be more intuitive, powerful, and insightful than ever: 6.3.150 includes major updates to DatAlert, additional platform support, and performance enhancements. New Security Dashboard: DatAlert is easier than ever to use as a starting point for investigating…
Data Security

[Podcast] Security Monk vs. Emperor Palpatine

This week, we continue our ongoing ransomware discussion with the Inside Out Security Show panel – Kilian Englert, Mike Buckbee, and Mike Thompson. But before we launched into our conversation, as an icebreaker, I asked the panel what their advice would be to this tired sysadmin who deleted the wrong directory on the wrong server? Buckbee: Do exactly what they did to fix the problem. Englert: It happens, just have to recover and move on.…
Data Security

[Podcast] Professor Angela Sasse on Human-Centered Security

Lately, we’ve been hearing more from security experts who are urging IT pros to stop scapegoating users as the primary reason for not achieving security nirvana. After covering this controversy on a recent episode of the Inside Out Security Show, I thought it was worth having an in-depth conversation with an expert. So, I contacted Angela Sasse, Professor of Human-Centred Technology in the Department of Computer Science at University College London, UK. Over the past…
Data Security, IT Pros

Binge Read Our Pen Testing Active Directory Series

With winter storm Niko now on its extended road trip, it’s not too late, at least here in the East Coast, to make a few snow day plans. Sure you can spend part of Thursday catching up on Black Mirror while scarfing down this slow cooker pork BBQ pizza. However, I have a healthier suggestion. Why not binge on our amazing Pen Testing Active Directory Environments blog posts? You’ve read parts of it, or —…
Compliance & Regulation, Data Security

Update: New York State Finalizes Cyber Rules for Financial Sector

When last we left New York State’s innovative cybercrime regulations, they were in a 45-day public commenting period. Let’s get caught up. The comments are now in. The rules were tweaked based on stakeholders’ feedback, and the regulations will begin a grace period starting March 1, 2017. To save you the time, I did the heavy lifting and looked into the changes made by the regulators at the New York State Department of Financial Services…
Data Security

[Podcast] An Extra Factor of Authentication

Inspired by the tweet below, I asked the Inside Out Security Show panel – Kilian Englert, Mike Buckbee, and Alan Cizenski – if they could add an extra factor of authentication, what would it be? @Pinboard pic.twitter.com/Xe5e1qYXxi — Matthew Hunt (@coneslayer) January 19, 2017 Plus, we covered a few hot topics: the risks of replacing passports and manned desks with biometric scanning and automation; what would it take to set up AD for 28 million…
IT Pros

Five Ways for a CDO to Drive Growth, Improve Efficiencies, and Manage Risk

We’ve already written about the growing role of the chief data officer (CDO) and their challenging task to leverage data science to drive profits. But the job of a CDO is not just about moving the profit meter. It’s less widely known that they’re also tasked with meeting three other business objectives: finding ways to drive overall growth, improve efficiencies, and manage risk. Why? All business activities and processes benefit from these three objectives. Luckily, we can…
Compliance & Regulation, Privacy

[Podcast] Adam Tanner on the Dark Market in Medical Data, Part II

More Adam Tanner! In this second part of my interview with the author of Our Bodies, Our Data, we start exploring the implications of having massive amounts of online medical data. There’s much to worry about. With hackers already good at stealing health insurance records, is it only a matter of time before they get into the databases of the drug prescription data brokers? My data privacy paranoia about all this came out in full…
Data Security, IT Pros

Pen Testing Active Directory Environments, Part VI: The Final Case

If you’ve come this far in the series, I think you’ll agree that security pros have to move beyond checking off lists. The mind of the hacker is all about making connections, planning several steps ahead, and then jumping around the victim’s network in creative ways. Lateral movement through derivative admins is a good example of this approach. In this concluding post, I’ll finish up a few loose ends from last time and then talk about…
Data Security

[Podcast] Parents of Security

While I thought we could ride on our recent successes for just a bit longer, attackers are back in full swing, filling my Twitter feed with the latest jaw-dropping security news. As I waded in worry, I stumbled upon an interesting Benjamin Franklin quote, “Distrust and caution are the parents of security.” Should distrust and caution be the parents of security? Who or what should the parents of security be? I brought these questions to…
Data Security

[Podcast] Security Pros Bring Out Their Game Face

With ransomware and data breaches driving headlines, it can feel like security pros are always one step behind. However, I recently found a few stories that I thought were worth celebrating. Not everyone on the Inside Out Security Show panel – Mike Buckbee, Kilian Englert, and Kris Keyser – thought the stories were good news. Nonetheless, I think that over time, as technologies mature, they do become more stable and secure. A few steps forward,…
Compliance & Regulation, Privacy

[Podcast] Adam Tanner on the Dark Market in Medical Data, Part I

In our writing about HIPAA and medical data, we’ve also covered a few of the gray areas of medical privacy, including wearables, Facebook, and hospital discharge records. I thought both Cindy and I knew all the loopholes. And then I talked to writer Adam Tanner about his new book Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. In the first part of my interview with Tanner, I learned how pharmacies sell our prescription drug…