Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six-times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-ready, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Data Security

Varonis eBook: Pen Testing Active Directory Environments

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin! Or maybe you tuned in late, saw this post, and binge read the whole thing during snow storm Nemo. In any case, we know from the many emails we received…
Data Security

[Podcast] How Infosec Can Implement Diversity & Inclusion Programs to ...

Data breaches keep on happening, information security professionals are in demand more than ever. Did you know  that there is currently a shortage of one million infosec pros worldwide? But the solution to this “man-power” shortage may be right in front of and around us. Many believe we can find more qualified workers by investing in Diversity & Inclusion programs. According to Angela Knox, Engineering Director at Cloudmark, “We’re missing out on 50% of the…
Data Security

[Podcast] Security Courts the Internet of Things

As more physical devices connect to the internet, I wondered about the responsibility IoT manufacturers have in building strong security systems within devices they create. There’s nothing like a lapse in security that could potentially halt the growth of a business or bring more cybersecurity awareness to a board. I discussed these matters with this week’s Inside Out Security Show panel – Forrest Temple, Kilian Englert and Mike Buckbee. First in line to be discussed…
IT Pros

Practical PowerShell for IT Security, Part I: File Event Monitoring

Back when I was writing the ultimate penetration testing series to help humankind deal with hackers, I came across some interesting PowerShell cmdlets and techniques. I made the remarkable discovery that PowerShell is a security tool in its own right. Sounds to me like it’s the right time to start another series of PowerShell posts. We’ll take the view in these posts that while PowerShell won’t replace purpose-built security platforms — Varonis can breathe easier…
Customer Success

City of San Diego Uses the Varonis Data Security Platform to Defend Against...

The City of San Diego provides city services to more than 1.3 million people who live and work in Southern California. To provide these services, the City operates 24 networks, about 40,000 endpoints spread across the county and 14,000 desktops in everything from police cars, trash trucks and city buildings. In order to continue to defend against the half a million cyberattacks a day, including 10-15 ransomware assaults, the City realized they needed a solution…
Data Security

[Podcast] More Scout Brody: Bringing Design Thinking to IoT

By now, we’ve all seen the wildly popular internet of things devices flourish in pop culture, holding much promise and potential for improving our lives. One aspect that we haven’t seen are IoT devices that not connected to the internet. In our follow-up discussion, this was the vision Simply Secure‘s executive director Scout Brody advocates, as current IoT devices don’t have a strong foundation in security. She points out that we should consider why putting a full…
Data Security

[Podcast] Proper Breach Notification

I recently came across an article that gave me pause, “Why Data Breaches Don’t Hurt Stock Prices.” If that’s the case and if a breach doesn’t impact the sale of a company, does security matter? So I asked the Inside Out Security Panel – Forrest Temple, Mike Buckbee and Kilian Englert. They gently reminded me that there’s more than just the stock price to look at – brand, trust, as well as pending lawsuits. In…
Data Security

G’Day, Australia Approves Breach Notification Rule

Last month, Australia finally amended its Privacy Act to now require breach notification. This proposed legislative change has been kicking around the Federal Government for a few years. Our attorney friends at Hogan Lovells have a nice summary of the new rule. The good news here is that Australia defines a breach broadly enough to include both unauthorized disclosure and access of personal information. Like the GDPR, Australia also considers personal data to be any information…
Data Security, Varonis News

It’s Not Just Waymo: IP Most at Risk According to Our RSA Survey

This year, the RSA Conference boasted over 43,000 attendees and 557 exhibitors spread across two enormous and cacophonous halls. Even in the quiet of the hotel room, my ears rang with echoes of the discordant noise about new potential threats. Let’s just say I’ll be eyeing every public outlet from which I charge my phone with suspicion. Tom Foremski, ex-Financial Times journalist and editor/publisher of Silicon Valley Watcher, summed up the experience nicely via ZDNet:…
Data Security

[Podcast] Scout Brody, Ph.D. on Creating Security Systems Usable for All

With spring just a few short weeks away, it’s a good time to clean the bedroom windows, dust off the ceiling fans, and discard old security notions that have been taking up valuable mind space. What do you replace those security concepts with? How about ones that say that security systems are not binary “on-off” concepts, but instead can be seen as a gentle gradient. And where user experiences developed by researchers create security products…
Data Security

Verizon Data Breach Digest 2017

While we’re anxiously waiting for the next edition of the Data Breach Investigations Report (DBIR), Verizon released its annual Data Breach Digest (DBD) earlier this month. What’s the DBD? It condenses the various breach patterns discussed in the DBIR.  In this year’s report, Verizon reduced 12 patterns into a mere four generalized scenarios: the Human Element, Conduit Devices, Configuration Exploitation, and Malicious Software. Of course, when you start abstracting and clustering information, you end up…
Data Security

Cloudbleed – Cloudflare Unauthorized Data Leak

Cloudflare is a huge internet infrastructure company (5.5 million websites), which means that you likely use them every day that you’re online, without ever realizing it. Depending on what metric you use, as much as 25% of the Alexa Top 10000 sites is using Cloudflare for some part of their public facing infrastructure. What Cloudflare Provides Broadly, they provide two services: Massively fast and distributed DNS services Denial of Service attack mitigation (and some related…